Another day, another redirect

Post by sglgoose » July 21st, 2012, 6:10 pm

I have an issue in IE and Firefox with some redirect issues. AVG finds viruses in IE but they are inaccessible. Any help would be appreciated. The biggest issue is that I am unable to download library books since this issue has been on my laptop. I cannot use System Restore and I get a dialog box upon start up that I have to click to allow Windows to start.

Thanks,

Steve

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/16/2009 12:22:49 AM
System Uptime: 7/21/2012 11:20:50 AM (6 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 60.214 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1235: 6/18/2012 8:56:37 PM - Scheduled Checkpoint
RP1236: 6/19/2012 7:59:46 PM - Scheduled Checkpoint
RP1237: 6/21/2012 4:31:20 PM - Windows Update
RP1238: 6/22/2012 6:46:07 AM - Scheduled Checkpoint
RP1239: 6/25/2012 8:33:44 PM - Scheduled Checkpoint
RP1240: 7/1/2012 5:24:20 PM - Scheduled Checkpoint
RP1241: 7/4/2012 9:54:10 PM - Scheduled Checkpoint
RP1242: 7/7/2012 3:49:09 PM - Restore Operation
RP1243: 7/7/2012 9:50:15 PM - Removed OverDrive Media Console
RP1244: 7/7/2012 9:56:33 PM - Removed NWZ-S540 WALKMAN Guide.
RP1245: 7/7/2012 10:02:26 PM - Installed OverDrive Media Console
RP1246: 7/9/2012 12:13:42 PM - Restore Operation
RP1247: 7/11/2012 11:30:46 AM - Windows Update
RP1248: 7/13/2012 8:33:20 PM - Installed Java(TM) 7 Update 5
RP1249: 7/13/2012 8:35:40 PM - Installed JavaFX 2.1.1
RP1250: 7/18/2012 6:42:41 PM - Scheduled Checkpoint
RP1251: 7/19/2012 10:39:58 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.57
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG 2011
AviSynth 2.5
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Content Transfer
DivX Web Player
DVD MovieFactory for TOSHIBA
Final Media Player 2011
Free File Opener v2011.7.0.1
Free Internet Window Washer
Garmin Lifetime Updater
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 7 Update 5
JavaFX 2.1.1
Lexmark 2500 Series
Lexmark Fax Solutions
LinkWare
magicJack
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
OverDrive Media Console
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.762
WildTangent Games
Windows Media Encoder 9 Series
Wise Registry Cleaner 7.34
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 6:57:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
7/20/2012 6:55:52 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.180 for the Network Card with network address 002163E70F3E has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/20/2012 6:54:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/20/2012 6:54:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
7/20/2012 6:54:50 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 6:53:40 PM, Error: EventLog [6008] - The previous system shutdown at 6:04:54 AM on 7/20/2012 was unexpected.
7/20/2012 6:06:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
7/20/2012 6:06:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
7/20/2012 6:05:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
7/20/2012 12:15:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
7/20/2012 12:15:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
7/20/2012 12:14:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
7/19/2012 4:16:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.1.1.125 for the Network Card with network address 002163E70F3E has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
7/18/2012 5:53:52 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002163E70F3E. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/18/2012 5:41:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 002163E70F3E has been denied by the DHCP server 10.1.1.20 (The DHCP Server sent a DHCPNACK message).
7/17/2012 5:20:00 PM, Error: EventLog [6008] - The previous system shutdown at 5:12:44 PM on 7/17/2012 was unexpected.
7/17/2012 5:17:46 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2012 4:11:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/14/2012 2:08:12 PM, Error: EventLog [6008] - The previous system shutdown at 2:06:11 PM on 7/14/2012 was unexpected.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Dad at 17:00:39 on 2012-07-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.701 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\lxddcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
uWindows: Load=c:\users\dad\locals~1\temp\msxamif.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [cdloader] "c:\users\dad\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [LVCOMS] c:\windows\system32\LVCOMS.EXE
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
StartupFolder: c:\users\dad\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6C7D99C0-58FC-4E9E-8556-4E2D54A414F6} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\winy49gm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie8
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-16 20384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ba30ce32eabb;Google Update Service (gupdate1c9ba30ce32eabb);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-16 954368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-14 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-7 113120]
S3 PROCEXP113;PROCEXP113;c:\windows\system32\drivers\PROCEXP113.SYS [2012-7-13 12568]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
.
=============== Created Last 30 ================
.
2012-07-19 00:37:58 -------- d-----w- c:\windows\pss
2012-07-18 02:42:44 -------- d-----w- c:\users\dad\appdata\local\Free File Opener
2012-07-15 18:19:11 -------- d-----w- c:\users\dad\appdata\local\visi_coupon
2012-07-14 17:34:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-14 01:38:25 -------- d-----w- C:\ComboFix
2012-07-14 01:38:08 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-07-14 01:36:13 -------- d-----w- c:\program files\Oracle
2012-07-14 01:35:20 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-11 16:47:14 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 16:38:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-11 16:38:03 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-07-11 16:38:03 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-07-11 16:38:02 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-07-11 16:38:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-11 16:38:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-11 16:37:59 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-07-11 16:37:59 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-11 16:37:57 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-07-11 16:37:57 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-07-11 16:37:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 15:59:09 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 15:59:07 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:59:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:58:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:58:41 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:58:41 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 00:02:48 332 ----a-w- C:\Start_.cmd
2012-07-09 21:06:31 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2012-07-09 21:06:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 21:06:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 21:06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 22:25:07 -------- d-----w- c:\program files\PC Tools
2012-07-08 22:11:46 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-08 22:11:45 -------- d-----w- c:\program files\common files\PC Tools
2012-07-08 22:10:36 -------- d-----w- c:\programdata\PC Tools
2012-07-08 22:10:35 -------- d-----w- c:\users\dad\appdata\roaming\TestApp
2012-07-08 22:07:56 -------- d-----w- c:\users\dad\Spybot
2012-07-08 03:02:47 -------- d-----w- c:\program files\OverDrive Media Console
2012-07-08 00:30:23 -------- d-----w- c:\users\dad\appdata\local\Macromedia
2012-07-08 00:27:07 -------- d-----w- c:\users\dad\appdata\local\Mozilla
2012-07-07 20:18:50 -------- d-----w- c:\users\dad\appdata\roaming\Wise Registry Cleaner
2012-07-07 20:18:25 -------- d-----w- c:\program files\Wise
.
==================== Find3M ====================
.
2012-07-17 22:23:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 22:23:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 03:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 17:01:55.58 ===============
sglgoose
Active Member
 
Posts: 4
Joined: July 21st, 2012, 5:44 pm
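Added example (not from the thread or from the DDS tool): a short Python triage pass over Pseudo HJT lines of the kind in the log above. It parses the uRun/mRun, uWindows Load=, TB and BHO lines and flags an autostart that lives in a user temp folder, any use of the legacy win.ini Load= key, and add-ons registered with "No File". The rule names and the benign sample lines are my own constructions; the Load=, orphaned-toolbar and cdloader sample lines are copied from the log.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of the DDS tool or of any
post above. It parses the autostart lines DDS prints (uRun/mRun, the
win.ini-style uWindows Load= value, TB toolbar and BHO entries) and flags
what a helper checks first: a loader in a user temp folder, any use of
the legacy Load= key, and a registered add-on whose file is gone.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines 1-3 are copied from the log posted above; the rest are constructed
# benign entries so the script has something it should NOT flag.
SAMPLE_LOG = r"""
uWindows: Load=c:\users\dad\locals~1\temp\msxamif.com
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [cdloader] "c:\users\dad\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
"""


@dataclass
class Entry:
    kind: str            # uRun, mRun, uWindows, TB or BHO
    name: str            # bracketed run name, add-on description, or "Load"
    path: Optional[str]  # file the entry points at; None when DDS printed "No File"
    raw: str


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)  # rule codes, in check order


RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]*)\]\s*(.*)$")
LOAD_RE = re.compile(r"^(uWindows):\s*Load=(.*)$", re.IGNORECASE)
ADDON_RE = re.compile(r"^(TB|BHO):\s*(.*?)\s+-\s+(.*)$")
# A quoted path, or an unquoted one up to a known executable extension
PATH_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|com|scr|cmd|bat))(?:\s|$)',
                     re.IGNORECASE)
# User temp folders as DDS prints them (8.3 and long form) plus windows\temp
TEMP_RE = re.compile(r"\\(?:locals~1|local)\\temp\\|\\windows\\temp\\", re.IGNORECASE)


def extract_path(value: str) -> str:
    """Pull the file path out of a run value such as '"c:\\x\\y.exe" ARG'."""
    value = value.strip()
    m = PATH_RE.match(value)
    return ((m.group(1) or m.group(2)) if m else value).strip().lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one DDS line into an Entry, or None for lines this script ignores."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), extract_path(m.group(3)), line)
    m = LOAD_RE.match(line)
    if m:
        return Entry("uWindows", "Load", extract_path(m.group(2)), line)
    m = ADDON_RE.match(line)
    if m:
        target = m.group(3).strip()
        path = None if target.lower() == "no file" else extract_path(target)
        return Entry(m.group(1), m.group(2), path, line)
    return None


def check(entry: Entry) -> Finding:
    """Apply the three triage rules; reasons stay empty for unremarkable entries."""
    f = Finding(entry)
    if entry.kind == "uWindows":
        f.reasons.append("load-key")   # legacy win.ini Load= is rarely used legitimately
    if entry.path and TEMP_RE.search(entry.path):
        f.reasons.append("temp-dir")   # autostart target lives in a temp folder
    if entry.kind in ("TB", "BHO") and entry.path is None:
        f.reasons.append("no-file")    # registered add-on whose file is missing
    return f


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that tripped at least one rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        f = check(entry)
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f.reasons):18} {f.entry.raw}")
```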

Re: Another day, another redirect

Post by melboy » July 22nd, 2012, 12:50 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


===================================


ROOTKIT

Your computer is infected with a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and download and execute files.

You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality there is no way to be sure that the machine can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Another day, another redirect

Post by sglgoose » July 22nd, 2012, 3:06 pm

I would like to attempt to remove the Malware. I do use this computer for banking applications, but will refrain from doing so.
sglgoose
Active Member
 
Posts: 4
Joined: July 21st, 2012, 5:44 pm

Re: Another day, another redirect

Post by melboy » July 22nd, 2012, 3:18 pm

sglgoose wrote: I do use this computer for banking applications

My advice in light of the above information would be that a reinstall of windows is the best option. I can't stress enough the dangers infections such as these potentially pose to your financial well-being.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Another day, another redirect

Unread postby melboy » July 24th, 2012, 4:25 pm

Hi sglgoose

Do you still need help?
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Another day, another redirect

Unread postby sglgoose » July 24th, 2012, 5:08 pm

No thanks, I bought another computer. Scared of having my accounts compromised. Thank you very much for your help.
sglgoose
Active Member
Posts: 4
Joined: July 21st, 2012, 5:44 pm

Re: Another day, another redirect

Unread postby melboy » July 24th, 2012, 6:50 pm

Hi sglgoose

I can understand your apprehension, but purchasing a new PC was a drastic step.

My advice was that a reformat & reinstallation of your Windows operating system would be sufficient to ensure complete recovery from this malware. Done correctly, this would have deleted all the data on the hard drive, including any malware present, leaving the system as clean as the day you first purchased it.

Below is some general advice on PC security & suggestions for programs to install. You may have your own preferences.

There is also MWR's short guide to staying safer online

  • Enable UAC
    The User Account Control (UAC) helps protect your PC against malicious software. http://windows.microsoft.com/en-US/wind ... nt-control

    1. Click on Start > Control Panel.
    2. In the search box, type uac, and then click Change User Account Control settings.
    3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
    4. Click OK.

  • Antivirus
    Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
    Suggestions:
    • Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
    • avast! Home Edition - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
    • Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
    [Please note that trial pay is not needed to get any product for free.]
    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs, and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding hosts files read HERE.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
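As an added illustration of the hosts file mentioned in the post above (this is not part of melboy's post or MRU's material), here is a small Python script that reads a hosts file and separates the protective blocking entries from any entry that sends a real site's name to another address, which is the kind of entry worth reviewing on a machine that is showing redirects. The sample hosts text, host names and addresses below are all constructed.

```python
# Constructed sample hosts file (not taken from the thread): a comment,
# the usual localhost mapping, two blocking entries of the kind a
# protective hosts file adds, and one entry that points a bank's name
# at a routable address.
SAMPLE_HOSTS = """\
# Protective hosts file (constructed sample)
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.test
127.0.0.1       malware.example.test   # blocked
203.0.113.7     www.examplebank.test
"""

# Names that legitimately map to loopback, and the sink addresses a
# blocking hosts file uses to make a name resolve nowhere useful.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:                     # one line may list several names
            yield addr, name.lower()


def audit_hosts(text):
    """Classify each entry as 'local' (loopback names), 'blocked'
    (name pointed at a sink address, the protective use) or 'review'
    (a real name mapped to a routable address, which is what a
    hosts-based redirect looks like)."""
    result = {"local": [], "blocked": [], "review": []}
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            result["local"].append(name)
        elif addr in SINK_ADDRESSES:
            result["blocked"].append(name)
        else:
            result["review"].append((name, addr))
    return result


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{category}: {entries}")
```

On a Windows machine the file to pass in is %SystemRoot%\System32\drivers\etc\hosts; read it with open() and hand the text to audit_hosts().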

Re: Another day, another redirect

Unread postby sglgoose » July 25th, 2012, 5:01 pm

Thank you for all of your advice. I do not have a Windows recovery disc, they seldom come with a new computer purchase anymore. I am not sure how to go about a reformat and installation of Windows without having to purchase a new version. Thanks for all the links.
sglgoose
Active Member
Posts: 4
Joined: July 21st, 2012, 5:44 pm

Re: Another day, another redirect

Unread postby melboy » July 26th, 2012, 8:02 am

Is this a Toshiba notebook?

If so, you may be able to recover it to factory settings by following the instructions in this support document.

http://aps2.toshiba-tro.de/kb0/HTD1303440001R01.htm

What is the full model & model number of your computer?
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Another day, another redirect

Unread postby Cypher » July 29th, 2012, 12:13 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site,
please read: Donations For Malware Removal
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns