Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can't stop browser redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can't stop browser redirects

Unread postby bmw3034 » September 21st, 2010, 7:05 am

A few weeks ago my computer was infected with a bogus antivirus website which put "alerts" on everything I tried to open. I was finally able to get rid of it (I think), but since then I am continually redirected when doing web searches on IE and Firefox. I have downloaded and run several antivirus/antimalware programs but still have the problem.

Also, I would like to clean up/get rid of outdated/unnecessary files. I don't know what many of them do or are for and I'm afraid to touch them.

THANKS for your help!

Mike


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:19 AM, on 9/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9993044f97810) (gupdate1c9993044f97810) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14090 bytes


UNINSTALL_LIST

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.3
Advanced SystemCare 3
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Brava! Reader 3.3
Broadcom Management Programs
Canon CanoScan 8800F User Registration
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan 8800F
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Support Center (Support Software)
DellSupport
Digital Line Detect
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Glary Utilities 2.28.0.1011
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hello (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kat MP3 Recorder
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.10)
mPfMgr
mPfWiz
mProSafe
MSN
MSN Messenger 7.5
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mToolkit
muvee Reveal Seagate Edition
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
Photo Click
PowerDVD 5.2
Presto! PageManager 7.15.16
QuickSet
QuickTime
RealPlayer
ScanSoft OmniPage SE 4
Seagate Manager Installer
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Spybot - Search & Destroy
SSH Secure Shell
Turbo Lister 2
Uniblue RegistryBooster
Uniblue System Tweaker
Uninstall Star Alliance Mileage Calculator
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Online
Verizon Online Support Center
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp (remove only)
Windows Defender
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinMX
WinPcap 3.1
WordPerfect Office 12
Yahoo! Messenger
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am
Advertisement
Register to Remove

Re: Can't stop browser redirects

Unread postby askey127 » September 24th, 2010, 7:46 am

Hi bmw3034,
A few things to do here, but each should be fairly staraightforward
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Advanced SystemCare 3
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


Do NOT uninstall Java(TM) 6 Update 21

Now Uninstall EITHER AVG Free 9.0, OR the two McAfee applications: (McAfee Agent and McAfee VirusScan Enterprise).
(Do not choose to keep McAfee if it is not paid and up to date).
Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby bmw3034 » September 25th, 2010, 9:06 pm

9-25-10

Hi askey127,

I did as you noted and it went ok. Logs are below.

The Temp File Cleaner removed 25,120 files (!) and freed 9.502 Gb space. This seems like a huge number of files; is it?!

A couple questions: Is Advanced System Care not a good program, was it superfluous, or did it conflict with the other antivirus programs I have?

Also, of the two deletion alternatives you noted, I chose to get rid of AVG Free9.0 and keep the two McAfee's (why are there two?). Do you feel McAfree is a better program than AVG, or vice versa?

I have not yet tried browsing/searching to see if the redirects have hopefully stopped, but thanks in advance for your help!!

Barring any continuing problem, is there anything else I need to do?

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:21 PM, on 9/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file
missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst
/reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
-Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -
http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program
Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program
Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9993044f97810) (gupdate1c9993044f97810) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan
Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common
Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan
Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program
Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. -
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12820 bytes

===================================

UNINSTALL_LIST

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.3.4
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Control Panel
ATI Display Driver
Brava! Reader 3.3
Broadcom Management Programs
Canon CanoScan 8800F User Registration
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan 8800F
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Support Center (Support Software)
DellSupport
Digital Line Detect
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Glary Utilities 2.28.0.1011
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hello (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 21
Kat MP3 Recorder
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.10)
mPfMgr
mPfWiz
mProSafe
MSN
MSN Messenger 7.5
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mToolkit
muvee Reveal Seagate Edition
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
Photo Click
PowerDVD 5.2
Presto! PageManager 7.15.16
QuickSet
QuickTime
RealPlayer
ScanSoft OmniPage SE 4
Seagate Manager Installer
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Spybot - Search & Destroy
SSH Secure Shell
Turbo Lister 2
Uniblue RegistryBooster
Uniblue System Tweaker
Uninstall Star Alliance Mileage Calculator
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Online
Verizon Online Support Center
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp (remove only)
Windows Defender
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinMX
WinPcap 3.1
WordPerfect Office 12
Yahoo! Messenger

---------
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

STILL HAVING A PROBLEM!_Re: Can't stop browser redirects

Unread postby bmw3034 » September 26th, 2010, 3:46 am

9-25-10, 9:30pm

Hello again,

I just tried doing searches on the Google toolbars on both IE and Firefox and I am still getting redirected. I ran another scan log and uninstall log, shown below. Thanks for your help once again!

------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:21 PM, on 9/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst
/reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
-Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -
http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program
Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program
Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9993044f97810) (gupdate1c9993044f97810) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan
Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common
Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan
Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program
Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. -
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12598 bytes

================

UNINSTALL_LIST

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.3.4
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Control Panel
ATI Display Driver
Brava! Reader 3.3
Broadcom Management Programs
Canon CanoScan 8800F User Registration
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan 8800F
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Support Center (Support Software)
DellSupport
Digital Line Detect
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Glary Utilities 2.28.0.1011
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hello (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 21
Kat MP3 Recorder
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.10)
mPfMgr
mPfWiz
mProSafe
MSN
MSN Messenger 7.5
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mToolkit
muvee Reveal Seagate Edition
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
Photo Click
PowerDVD 5.2
Presto! PageManager 7.15.16
QuickSet
QuickTime
RealPlayer
ScanSoft OmniPage SE 4
Seagate Manager Installer
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Spybot - Search & Destroy
SSH Secure Shell
Turbo Lister 2
Uniblue RegistryBooster
Uniblue System Tweaker
Uninstall Star Alliance Mileage Calculator
VC80CRTRedist - 8.0.50727.4053
Verizon Online
Verizon Online Support Center
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp (remove only)
Windows Defender
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Presentation Foundation
WinMX
WinPcap 3.1
WordPerfect Office 12
Yahoo! Messenger

========
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

Re: Can't stop browser redirects

Unread postby askey127 » September 26th, 2010, 7:51 am

bmw3034,
The Temp File Cleaner removed 25,120 files (!) and freed 9.502 Gb space. This seems like a huge number of files; is it?!
It is quite a lot, but not terribly unusual if you haven't run a good cleaner in a long time. Removing that stuff will speed up the machine to some extent.

A couple questions: Is Advanced System Care not a good program, was it superfluous, or did it conflict with the other antivirus programs I have?
All of the above. IOBit was caught copying virus signatures directly from Malwarebytes and pretending they were from their own research. Not the kind of Security provider I want.

Also, of the two deletion alternatives you noted, I chose to get rid of AVG Free9.0 and keep the two McAfee's (why are there two?). Do you feel McAfree is a better program than AVG, or vice versa?
Of the two, a good choice. AVG is paid to provide the ASK toolbar (aka Linkscanner), which itself can produce undesirable redirects.
McAfee provides their "suite" in a manner where many of their tasks are handled separately. Convenient for their updates, Not quite as convenient for the customer.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Ad-Aware
Uniblue Registry Booster

Take extra care in answering questions posed by any Uninstaller.
Never use a Registry Optimizer or Booster. A perfect one won't work. An imperfect one can wreck your machine.
Ad-Aware is totally superfluous with Malwarebytes on board.
-----------------------------------------------------------

Now that the preliminaries are out of the way, let's find the reasons for the redirects.
First have a look for signs of a rootkit:
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill.
  • A command window will open, then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue. If you cannot get one of the downloads to work for you, try one of the other links.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
-------------------------------------------------------------
Scan With RKUnHooker
Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. UNcheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. (eg. desktop) then Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

When you provide any logs from now on, please Uncheck Notepad's Word Wrap before posting. (It's under Format in the top menu).
Thanks,
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby bmw3034 » September 26th, 2010, 4:55 pm

Hi,

Rkill stopped running. Report attached.
Also report for RKunhook.

Question: Does something called "mystart.incredimail" cause redirects? I seem to have that on my Firefox.

Thanks!

------

RKILL LOG

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as LSA on 09/26/2010 at 10:23:35.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\LSA\Desktop\rkill.exe

Rkill completed on 09/26/2010 at 10:23:42.

=======================

RKUNHOOKER LOG

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF666C000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3211264 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xBF087000 C:\WINDOWS\System32\ati3duag.dll 2256896 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6499000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF69C8000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 909312 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF63F1000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF760C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF2AE000 C:\WINDOWS\System32\ativvaxx.dll 483328 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBA579000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF62FE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBA6AC000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7AC2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF7573000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF65ED000 C:\WINDOWS\system32\drivers\STAC97.sys 270336 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xB741B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF63B4000 C:\WINDOWS\system32\DRIVERS\iwca.sys 249856 bytes (Intel Corporation, Intel Wireless Connection Agent)
0xBF04B000 C:\WINDOWS\System32\ati2cqag.dll 245760 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 233472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF6598000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF635C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7D21000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF75DF000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF76F7000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xBA611000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA65E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF776C000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBA686000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF65C9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6990000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF662F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA63C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF76D7000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7792000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF77B1000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF6652000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF75C5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7723000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB840A000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB83F1000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF773C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7754000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7699000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF639D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8423000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF76B0000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xB7614000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB7EDC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF697C000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF69B4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA705000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF76C5000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7629000 C:\WINDOWS\system32\drivers\mfeapfk.sys 69632 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF77CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF638C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF6E1E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF793F000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF74E3000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF79DF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78FF000 Lbd.sys 61440 bytes
0xF79CF000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB8081000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7A7F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF794F000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF788F000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF785F000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF7A9F000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF78EF000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6DEE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF79EF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF784F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF78CF000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78BF000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7A0F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF795F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF798F000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF796F000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF797F000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF6DFE000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF7533000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6DDE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF79FF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF792F000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF6E6E000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF782F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A4F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF790F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF78AF000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF787F000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF791F000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7A3F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF78DF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7A8F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6E0E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB76D2000 C:\WINDOWS\system32\drivers\mfebopk.sys 36864 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF7A1F000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7553000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB6BF5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF786F000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF6E5E000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF789F000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF74F3000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF6B2E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7BA7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7ADF000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7AEF000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF6B46000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AC7000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7B17000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7AAF000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B0F000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7AE7000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7B47000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AF7000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7AFF000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF6B36000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF6B3E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B8F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7B6F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B97000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B07000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7AD7000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7ACF000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7B9F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF6AFE000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF7AB7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF6B0E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF6B06000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7ABF000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF6B26000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B37000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB83ED000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7C4F000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7D27000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xF7C5F000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7C47000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7C67000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7D2B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7C4B000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7C57000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7C63000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF7472000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB82E9000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C53000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xB84AD000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7C5B000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7C3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C43000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6E90000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6E9C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6EA0000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB7BED000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF74AF000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF74A3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7CFF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB83E9000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7D0F000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7D3B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7D7B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D3D000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7D33000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7DED000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xF7D4D000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7D79000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D35000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D81000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D3F000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7D83000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D69000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7D6F000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D71000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D37000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7D73000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D39000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D31000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F4D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E3A000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7E3B000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7EE2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E3C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7E49000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7E4B000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x044F0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x86087DA0 ] PID: 2780, 28672 bytes
0x03DF0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x86087DA0 ] PID: 2780, 45056 bytes
0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x86087DA0 ] PID: 2780, 77824 bytes
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

Re: Can't stop browser redirects

Unread postby askey127 » September 26th, 2010, 5:51 pm

bmw3034,
Incredimail is a junk spyware program.
We will get it eventually.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE MCAFEE SECURITY CENTER
    Please navigate to the system tray and double-click the taskbar icon to open Security Center.
    • Click Advanced Menu (bottom mid-left).
    • Click Configure (left).
    • Click Computer & Files (top left).
    • VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
    • Do the same via Internet & Network for Firewall Plus.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby askey127 » September 29th, 2010, 6:06 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby askey127 » September 30th, 2010, 7:32 am

Re-Opened at the request of the Poster.
Please tell me whether McAfee subscription is paid for and up to date.
Also tell me where you got the McAfee software.
The version you have is usually for corporate use, and I am not familiar with the locations of all the controls for it.
That is probably why you couldn''t make the instructions work.

Combofix needs to be run, and the antivirus needs to be disabled for Combofix work.
If necessary, we can remove McAfee, run Combofix, and then install a new antivirus.

Tell me about McAfee and we will go from there.
Please also tell me if you have already downloaded Combofix, renamed it and saved it on your desktop.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby bmw3034 » September 30th, 2010, 5:04 pm

The McAfee VirusScan was provided by the University where I work. We are allowed to install it on our home computer. So I'm sure it's up to date.

I believe you said there was a second McAfee program. Not sure what that is, although there may have been one pre-loaded on the computer when I bought it several years ago.

I downloaded Combofix and renamed it, but when I couldn't get the McAfee turned off, I deleted the ComboFix without opening it.

Thanks.
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

Re: Can't stop browser redirects

Unread postby askey127 » October 1st, 2010, 7:56 am

bmw3034,
OK, thanks for the update.
We are going to remove McAfee, and install a very effective Antivirus we can deal with.
Please do the following, in the order presented here.
After you remove McAfee and reboot, do not surf the Internet before installing Antivir.
-----------------------------------------------
Download Antivir Free
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

McAfee Agent
McAfee VirusScan Enterprise

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Install, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop, Install the program, Have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby bmw3034 » October 2nd, 2010, 9:58 pm

Followed steps you indicated.

bmw3034

---------------

Avira AntiVir Personal
Report file date: Saturday, October 02, 2010 12:37

Scanning for 2894943 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : D7GR5G61

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 23:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 23:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 05:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 10:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 20:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 06:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 04:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 03:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 22:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:23:32
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:24:10
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:25:30
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 22:26:28
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 22:26:28
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 22:26:28
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 22:26:29
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 22:26:29
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 22:26:32
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 22:26:35
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 22:26:37
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 22:26:39
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 22:26:42
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 22:26:45
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 22:26:47
VBASE020.VDF : 7.10.12.100 2048 Bytes 10/1/2010 22:26:47
VBASE021.VDF : 7.10.12.101 2048 Bytes 10/1/2010 22:26:48
VBASE022.VDF : 7.10.12.102 2048 Bytes 10/1/2010 22:26:48
VBASE023.VDF : 7.10.12.103 2048 Bytes 10/1/2010 22:26:48
VBASE024.VDF : 7.10.12.104 2048 Bytes 10/1/2010 22:26:48
VBASE025.VDF : 7.10.12.105 2048 Bytes 10/1/2010 22:26:49
VBASE026.VDF : 7.10.12.106 2048 Bytes 10/1/2010 22:26:49
VBASE027.VDF : 7.10.12.107 2048 Bytes 10/1/2010 22:26:49
VBASE028.VDF : 7.10.12.108 2048 Bytes 10/1/2010 22:26:49
VBASE029.VDF : 7.10.12.109 2048 Bytes 10/1/2010 22:26:50
VBASE030.VDF : 7.10.12.110 2048 Bytes 10/1/2010 22:26:50
VBASE031.VDF : 7.10.12.111 2048 Bytes 10/1/2010 22:26:50
Engineversion : 8.2.4.72
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/2/2010 22:27:47
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/2/2010 22:27:46
AESCN.DLL : 8.1.6.1 127347 Bytes 10/2/2010 22:27:40
AESBX.DLL : 8.1.3.1 254324 Bytes 10/2/2010 22:27:49
AERDL.DLL : 8.1.9.2 635252 Bytes 10/2/2010 22:27:38
AEPACK.DLL : 8.2.3.7 471413 Bytes 10/2/2010 22:27:33
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/2/2010 22:27:28
AEHEUR.DLL : 8.1.2.30 2941303 Bytes 10/2/2010 22:27:26
AEHELP.DLL : 8.1.13.4 242038 Bytes 10/2/2010 22:27:05
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/2/2010 22:27:03
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/2/2010 22:26:59
AECORE.DLL : 8.1.17.0 196982 Bytes 10/2/2010 22:26:57
AEBB.DLL : 8.1.1.0 53618 Bytes 10/2/2010 22:26:55
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 23:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 23:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 03:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 23:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 23:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 23:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 20:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 23:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/17/2010 02:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/20/2010 01:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/29/2010 00:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/10/2010 01:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, October 02, 2010 12:37

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1793655679-2771350527-967806413-1005\Software\Microsoft\Multimedia\5
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1793655679-2771350527-967806413-1005\SYSTEM\CurrentControlSet\5
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Microsoft\Multimedia\5
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\System\CurrentControlSet\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Multimedia\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'LOGON.SCR' - '19' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'sched.exe' - '51' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'wuauclt.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '48' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wscntfy.exe' - '21' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '24' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '57' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '21' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '38' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '29' Module(s) have been scanned
Scan process 'mpbtn.exe' - '26' Module(s) have been scanned
Scan process 'DLG.exe' - '25' Module(s) have been scanned
Scan process 'msmsgs.exe' - '43' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'WrtProc.exe' - '20' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '78' Module(s) have been scanned
Scan process 'MSASCui.exe' - '35' Module(s) have been scanned
Scan process 'apdproxy.exe' - '35' Module(s) have been scanned
Scan process 'WrtMon.exe' - '21' Module(s) have been scanned
Scan process 'OpwareSE4.exe' - '17' Module(s) have been scanned
Scan process 'StxMenuMgr.exe' - '29' Module(s) have been scanned
Scan process 'CarbonitePreinstaller.exe' - '28' Module(s) have been scanned
Scan process 'Apntex.exe' - '18' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '58' Module(s) have been scanned
Scan process '1XConfig.exe' - '35' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '67' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '30' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '21' Module(s) have been scanned
Scan process 'quickset.exe' - '55' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '23' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '35' Module(s) have been scanned
Scan process 'ifrmewrk.exe' - '48' Module(s) have been scanned
Scan process 'Apoint.exe' - '36' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '108' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '18' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'ZcfgSvc.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'WLKeeper.exe' - '39' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '38' Module(s) have been scanned
Scan process 'EvtEng.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '14' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1810' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Saturday, October 02, 2010 14:17
Used time: 1:40:19 Hour(s)

The scan has been done completely.

8733 Scanned directories
257756 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
257756 Files not concerned
3702 Archives were scanned
0 Warnings
0 Notes
664703 Objects were scanned with rootkit scan
7 Hidden objects were found
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

Re: Can't stop browser redirects

Unread postby askey127 » October 3rd, 2010, 7:51 am

bmw3034,
It may be easier for you if you print out this instruction before you run it.
You can use File, Print Preview in your browser to see which page(s) at the end to print so you don't have to print out the whole topic. Hit the Alt key in Firefox to get the menu bar.
In my Firefox it's Pages from 61 to 62.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to roll up its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Can't stop browser redirects

Unread postby bmw3034 » October 4th, 2010, 5:21 am

Ran ComboFix. Here is Log:

ComboFix 10-10-03.01 - LSA 10/03/2010 22:57:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.539 [GMT -10:00]
Running from: c:\documents and settings\LSA\Desktop\zzz.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-02 22:33 . 2010-10-02 22:33 -------- d-----w- c:\documents and settings\LSA\Application Data\Avira
2010-10-02 22:21 . 2010-03-01 20:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-02 22:21 . 2010-02-17 00:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-02 22:21 . 2009-05-11 22:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-02 22:21 . 2009-05-11 22:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-02 22:21 . 2010-10-02 22:21 -------- d-----w- c:\program files\Avira
2010-10-02 22:21 . 2010-10-02 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-26 00:30 . 2010-10-03 10:39 -------- d-----w- c:\windows\system32\wbem\Logs
2010-09-21 10:12 . 2010-09-21 10:12 -------- d-----w- c:\program files\Trend Micro
2010-09-19 11:13 . 2010-05-22 00:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-19 11:11 . 2010-09-19 11:11 -------- d-----w- c:\program files\Windows Defender
2010-09-18 21:38 . 2010-09-18 21:38 -------- d-----w- c:\documents and settings\LSA\Application Data\Malwarebytes
2010-09-18 21:38 . 2010-04-30 01:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 21:38 . 2010-09-18 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-18 21:38 . 2010-04-30 01:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 21:38 . 2010-09-18 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-18 21:06 . 2010-09-18 21:07 5272616 ----a-w- c:\documents and settings\LSA\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-09-12 01:02 . 2010-09-12 01:02 -------- d-----w- c:\program files\AVG
2010-09-11 08:20 . 2010-09-11 08:20 503808 ----a-w- c:\documents and settings\LSA\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-736bdd64-n\msvcp71.dll
2010-09-11 08:20 . 2010-09-11 08:20 499712 ----a-w- c:\documents and settings\LSA\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-736bdd64-n\jmc.dll
2010-09-11 08:20 . 2010-09-11 08:20 348160 ----a-w- c:\documents and settings\LSA\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-736bdd64-n\msvcr71.dll
2010-09-11 08:20 . 2010-09-11 08:20 61440 ----a-w- c:\documents and settings\LSA\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79ac3007-n\decora-sse.dll
2010-09-11 08:20 . 2010-09-11 08:20 12800 ----a-w- c:\documents and settings\LSA\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79ac3007-n\decora-d3d.dll
2010-09-11 08:19 . 2010-07-17 15:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 09:31 . 2010-09-09 09:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-09 09:22 . 2010-09-09 09:22 -------- d-----w- c:\documents and settings\LSA\Local Settings\Application Data\Sunbelt Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 22:14 . 2005-08-21 22:48 -------- d-----w- c:\program files\McAfee
2010-10-02 22:14 . 2005-08-21 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-29 08:56 . 2008-04-27 23:26 -------- d-----w- c:\program files\Kat MP3 Recorder
2010-09-26 20:17 . 2010-07-17 20:06 -------- d-----w- c:\program files\Uniblue
2010-09-26 20:15 . 2005-07-20 08:48 -------- d-----w- c:\program files\Lavasoft
2010-09-26 20:15 . 2008-04-27 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-25 23:54 . 2005-03-16 20:40 -------- d-----w- c:\program files\Java
2010-09-25 23:54 . 2005-03-16 20:40 -------- d-----w- c:\program files\Common Files\Java
2010-09-25 23:37 . 2005-09-11 03:27 -------- d-----w- c:\program files\Google
2010-09-16 09:55 . 2010-08-01 06:53 452104 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\setup.exe
2010-09-11 09:30 . 2010-01-30 08:27 -------- d-----w- c:\program files\Glary Utilities
2010-09-09 08:31 . 2005-03-16 20:56 94072 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-08 08:40 . 2006-09-02 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2010-09-04 20:12 . 2005-03-16 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 10:08 . 2010-09-03 10:08 -------- d-----w- c:\program files\MSBuild
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-14 10:34 . 2008-05-04 23:40 -------- d-----w- c:\documents and settings\LSA\Application Data\Skype
2010-08-14 10:16 . 2010-08-14 10:16 57344 --sha-r- c:\windows\system32\C_28591S.dll
2010-08-14 10:02 . 2008-05-04 23:43 -------- d-----w- c:\documents and settings\LSA\Application Data\skypePM
2010-08-11 20:47 . 2010-08-09 01:19 -------- d-----w- c:\documents and settings\LSA\Application Data\Canon
2010-08-09 01:17 . 2010-08-09 01:17 -------- d-----w- c:\documents and settings\LSA\Application Data\ArcSoft
2010-08-09 01:04 . 2005-03-23 08:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 00:39 . 2010-08-09 00:25 -------- d-----w- c:\program files\Canon
2010-08-09 00:35 . 2010-08-09 00:35 -------- d-----w- c:\program files\Common Files\NewSoft
2010-08-09 00:34 . 2010-08-09 00:34 -------- d-----w- c:\program files\Common Files\PDFView
2010-08-09 00:34 . 2010-08-09 00:34 -------- d-----w- c:\program files\NewSoft
2010-08-09 00:34 . 2005-03-16 20:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-09 00:33 . 2010-08-09 00:33 -------- d-----w- c:\documents and settings\LSA\Application Data\ScanSoft
2010-08-09 00:33 . 2010-08-09 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-08-09 00:32 . 2010-08-09 00:32 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-08-09 00:32 . 2010-08-09 00:32 -------- d-----w- c:\program files\ScanSoft
2010-08-09 00:29 . 2010-08-09 00:29 -------- d-----w- c:\program files\ArcSoft
2010-08-09 00:28 . 2010-08-09 00:28 -------- d-----w- c:\program files\Common Files\CANON
2010-08-09 00:26 . 2010-08-09 00:26 -------- d--h--w- c:\program files\CanonBJ
2010-08-08 23:31 . 2010-08-08 23:30 26641904 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-08 23:30 . 2010-08-08 23:30 220272 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-08 23:30 . 2010-08-08 23:30 149000 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-08 23:30 . 2010-08-08 23:30 13407072 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-08 23:29 . 2010-08-08 23:29 79368 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-08 23:29 . 2010-08-08 23:29 73344 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-08 23:29 . 2010-08-08 23:29 64000 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-08 23:29 . 2010-08-08 23:29 52288 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-08 23:29 . 2010-08-08 23:29 122880 ----a-w- c:\documents and settings\LSA\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-07 21:40 . 2010-07-20 09:55 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2008-07-26 08:27 . 2008-07-26 08:27 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2006-05-06 06:25 . 2006-05-06 06:25 508 ----a-w- c:\program files\Shortcut to Screen Recorder.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-07 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-01 57344]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-09-27 610304]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-07-25 385024]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-3-16 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2005-7-9 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/2/2010 12:21 PM 135336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9993044f97810;Google Update Service (gupdate1c9993044f97810);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2009 1:08 PM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 11:10 AM 32512]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]

2010-10-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-30 20:32]

2010-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 10:19]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 23:07]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 23:07]

2010-10-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 05:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LSA\Application Data\Mozilla\Firefox\Profiles\vvldmw2g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ar&search=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1793655679-2771350527-967806413-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-10-03 23:05:54
ComboFix-quarantined-files.txt 2010-10-04 09:05

Pre-Run: 42,185,584,640 bytes free
Post-Run: 42,187,964,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AF9CF38852108A97E4236EF6268F79DE


thanks,
bmw3034
bmw3034
Regular Member
 
Posts: 15
Joined: September 21st, 2010, 6:42 am

Re: Can't stop browser redirects

Unread postby askey127 » October 4th, 2010, 7:57 am

bmw3034,
Can you tell me:
  • Is there a pattern as to which websites you are being redirected?
  • Are there any other PCs on the same wireless router as your machine? If so, are they experiencing any redirects?
  • Was the Router administrator password changed when the Router was installed?
    • They actually publish the list of the original, default passwords for each router on the Internet. You can look it up for your make and model.
      Router Passwords Default List : http://www.phenoelit-us.org/dpl/dpl.html
    • If it is not changed when the router is installed, a ZLOB or other infection can use the default password and change your router settings, so as to intercept every communication by passing it through a spyware server. It will definitely produce redirects.
  • In that situation, the router has to be re-installed so the malware server address can be removed. (Then the password can be changed)

You do have quite a few extra startups running on the machine, but nothing clearly malicious.

Before conducting any more detailed investigations, I would like to hear your comments.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware