firefox search redirected to different website

May 26, 2012 at 10:05:42
Specs: Windows Vista
I have tried the below security software.

tdsskiller
malwarebytes
cc cleaner
rogkill
hitman pro

the search is still being redirected. although i do notice the IE is not affected. i don't mind uninstall firefox and use IE going forward if that's the only way to solve this problem as long as the malware is gone too.

any feedback would be appreciated.


See More: firefox search redirected to different website

Report •

#1
May 26, 2012 at 10:51:56
Hi eric1032,
Could you please download and run Highjackthis.exe from this link and include the log in your next reply.
http://www.bleepingcomputer.com/fil...

Please reply and let us know if our help worked.


Report •

#2
May 26, 2012 at 12:09:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:17 PM, on 5/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\LogMeIn Backup\BackupSystray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sticky-Notes\stickynotes.exe
C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn Backup\LMIGuardian.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-hptb6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LogMeIn Backup GUI] "C:\Program Files\LogMeIn Backup\BackupSystray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskScheduler] C:\ProWin11\32bit\TaskSch.exe
O4 - HKCU\..\Run: [Sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3462078841-3283749093-3827126892-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3462078841-3283749093-3827126892-1005\..\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - Startup: Sticky Notes.lnk = C:\Windows\System32\StikyNot.exe
O4 - Startup: Triple Monitor.lnk = ?
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/c...
O16 - DPF: {5AB1EF72-6CC6-4090-9030-8E0ACF7E6D3E} (XPPIECtrl Class) - http://nba.tom.com/video/xppie.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/...
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Filter hijack: text/html - {e6697df8-8f36-490b-bb4a-a179a75bd5d1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\aestsrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: LogMeIn Backup Maintenance Service (BackupMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\BackupMaint.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Comodo Online Storage Service (COSService.exe) - Comodo Security Solutions - C:\Program Files\COMODO\COMMON\COSService.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: LogMeIn Backup VSS Service (LMIBackupVSSService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\lmibackupvssservice.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LogMeIn Backup Storage PC Service (LogMeInBackupService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Unknown owner - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\STacSV.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Comodo Security Solutions - C:\Program Files\COMODO\COMMON\SynchronizationService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18511 bytes


Report •

#3
May 26, 2012 at 13:09:53
Nothing stands out as a red flag, maybe the O18 - Filter hijack: text/html - {e6697df8-8f36-490b-bb4a-a179a75bd5d1} - (no file)?

I would recommend removing the AVG toolbar as it has been seen to do questionable things. Here's a couple of links to more info;

http://www.wincom7.com/blog/uninsta...

http://www.systemlookup.com/lists.p...

These are my suggestions for removal;

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

I can not find anything on this entry? Maybe someone else might be able to help with it?
O18 - Filter hijack: text/html - {e6697df8-8f36-490b-bb4a-a179a75bd5d1} - (no file)

Please reply and let us know if our help worked.


Report •

Related Solutions

#4
May 26, 2012 at 13:12:31
You have a virus because you are using poor practices. Not having on a good security suite, running in admin and things like torrent files and bad web sites are common ways to get malware.

There is no known way to get rid of all malware other than a complete reload of the OS for OEM media. Apply a good security suite, use a standard user account at all times, put in a strong password for admin account and use run as and be sure to keep it updated. Keep away from stolen torrent files and refrain from loading on unknown programs.

Hang up and live.


Report •

#5
May 26, 2012 at 13:17:34
Could you please download Minitoolbox from this link;
http://www.bleepingcomputer.com/dow...


Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size

Click Go and post the result.

Please reply and let us know if our help worked.


Report •

#6
May 26, 2012 at 14:57:53
combofix will probably be best for you...IF your OS is 32Bit
http://www.bleepingcomputer.com/com...
Follow the tutorial carefully

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds


Report •

#7
May 27, 2012 at 00:19:31
MiniToolBox by Farbar Version: 14-01-2012
Ran by Eric (administrator) on 27-05-2012 at 00:09:06
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
Intel(R) WiFi Link 5100 = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : OfficeLaptopHPHDX
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-5D-7D-2B-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-8B-0B-DC-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a01f:ae81:4070:ffb4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, May 26, 2012 11:40:00 PM
Lease Expires . . . . . . . . . . : Sunday, May 27, 2012 11:39:59 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 167781259
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-87-7D-51-00-23-8B-0B-DC-85
DNS Servers . . . . . . . . . . . : 68.94.156.1
68.94.157.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{608AF7E3-BD03-4FE9-832F-CFD3793F03C4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.socal.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: google.com
Addresses: 74.125.224.197
74.125.224.198
74.125.224.199
74.125.224.200
74.125.224.201
74.125.224.206
74.125.224.192
74.125.224.193
74.125.224.194
74.125.224.195
74.125.224.196


Pinging google.com [74.125.224.169] with 32 bytes of data:
Reply from 74.125.224.169: bytes=32 time=128ms TTL=55
Reply from 74.125.224.169: bytes=32 time=83ms TTL=55

Ping statistics for 74.125.224.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 128ms, Average = 105ms
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=165ms TTL=51
Reply from 209.191.122.70: bytes=32 time=168ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 165ms, Maximum = 168ms, Average = 166ms
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 21 5d 7d 2b da ...... Intel(R) WiFi Link 5100
10 ...00 23 8b 0b dc 85 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{608AF7E3-BD03-4FE9-832F-CFD3793F03C4}
16 ...00 00 00 00 00 00 00 e0 isatap.socal.rr.com
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.101 276
192.168.2.101 255.255.255.255 On-link 192.168.2.101 276
192.168.2.255 255.255.255.255 On-link 192.168.2.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::a01f:ae81:4070:ffb4/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2012 11:41:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2012 11:21:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2012 09:49:34 AM) (Source: Application Error) (User: )
Description: Faulting application UltraMon.exe, version 3.0.2.0, time stamp 0x478c0f43, faulting module UltraMon.exe, version 3.0.2.0, time stamp 0x478c0f43, exception code 0xc0000005, fault offset 0x0001fb98,
process id 0x1164, application start time 0xUltraMon.exe0.

Error: (05/26/2012 09:47:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2012 01:42:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2012 01:21:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2012 08:53:32 PM) (Source: LogMeIn Guardian) (User: SYSTEM)SYSTEM
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'be3706494dfa9d0d8bfc925a2b068fbf'.

Error: (05/25/2012 04:13:50 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
QBAddins (first time)
QBMenuItem (9 times)
AddTo (first time) ('AddCreateWorkOrdersHere'): Lookup value not found

Error: (05/25/2012 04:13:45 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle

Error: (05/25/2012 04:13:45 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle


System errors:
=============
Error: (05/26/2012 11:41:26 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (05/26/2012 11:41:08 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/26/2012 11:21:29 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (05/26/2012 11:21:14 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/26/2012 09:47:56 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/26/2012 09:47:31 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (05/26/2012 01:42:59 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (05/26/2012 01:42:54 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/26/2012 01:21:40 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/26/2012 01:21:25 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (05/01/2012 11:18:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 150 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/03/2012 11:29:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3595 seconds with 300 seconds of active time. This session ended with a crash.

Error: (03/25/2012 05:20:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/25/2012 05:19:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/13/2012 03:06:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3162 seconds with 240 seconds of active time. This session ended with a crash.

Error: (11/28/2011 00:37:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 44 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2011 04:02:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 346691 seconds with 4860 seconds of active time. This session ended with a crash.

Error: (04/21/2011 03:57:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/10/2011 04:06:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15514 seconds with 3120 seconds of active time. This session ended with a crash.

Error: (10/23/2010 09:15:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1741 seconds with 1620 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
??????? 2.6
1099 Express Enterprise 2008
1099 Express Enterprise 2009
1099 Express Enterprise 2010
1099 Express Enterprise 2011
2009 Lacerte Tax
2010 Lacerte Tax
2011 Lacerte Tax
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.0)
Adobe Acrobat 8.1.0 Professional (Version: 8.1.0)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Shockwave Player (Version: 11.0)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AT&T Yahoo! Internet Mail
ATB
AutoUpdate (Version: 1.1)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.2176)
Backup995
Brother MFL-Pro Suite (Version: 1.00)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 3.19)
Checkpoint Tools for PPC (Version: 1.0.143)
COMODO BackUp (Version: 4.1.2.28)
COMODO Cloud (Version: 2.1.6.13)
Crystal Reports 2008 Runtime SP1 (Version: 12.1.0.882)
CyberLink YouCam (Version: 2.0.1616)
DigitalPersona Personal 3.1.0 (Version: 3.1.0.3276)
DisplayLink Core Software (Version: 5.2.24075.0)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.0)
Document eSort Components (Version: 3.2.0.75)
Download Manager 2.3.9 (Version: 2.3.9)
EntlClnt (Version: 1.1.0)
ESU for Microsoft Vista (Version: 1.0.0)
Google Chrome (Version: 19.0.1084.52)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0)
HijackThis 2.0.2 (Version: 2.0.2)
HitmanPro 3.6 (Version: 3.6.0.156)
HP Active Support Library (Version: 3.1.6.1)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 2.0.9.0)
HP MediaSmart Music/Photo/Video (Version: 1.0.2002)
HP MediaSmart SmartMenu (Version: 1.0.20)
HP MediaSmart TV (Version: 1.0.0729)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Smart Web Printing (Version: 110.0.19061)
HP Total Care Advisor (Version: 2.3.4394.2730)
HP Update (Version: 4.000.009.002)
HP User Guides 0115 (Version: 1.02.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPTCSSetup (Version: 1.0.964.2626)
IDT Audio (Version: 1.0.6047.5)
Intel® Matrix Storage Manager
Intuit Entitlement Client (Version: 1.0.0)
Intuit Runtime Components 6.0.16 (Version: 6.0.16)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 27 (Version: 6.0.270)
JMicron JMB38X Flash Media Controller (Version: 1.00.16.01)
LLC DocuPAK
LogMeIn (Version: 4.0.784)
LogMeIn Backup (Version: 2.4.751)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Maxtor Quick Start (Version: 2.00.0210)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Accounting 2008 (Version: 3.0.8627.1)
Microsoft Office Accounting 2008 Equifax Addin (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 Fixed Asset Manager (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 PayPal Addin (Version: 3.0.8231.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SkyDrive (Version: 16.4.3347.0416)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA Drivers (Version: 1.3)
NVIDIA PhysX (Version: 9.09.0203)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort Image Printer (Version: 1.00.0000)
PDF Creator Pilot 4.3 (Version: 4.3)
Pdf995
PdfEdit995
PhotoNow! (Version: 1.1.4518)
PPC Library
PPC Practice Aids Audits of Nonpublic Companies (11-09) (Version: 2009.11.11)
PPC Practice Aids Audits of Nonpublic Companies (11-11) (Version: 2011.11.14)
PPCMultiSelector_Installer (Version: 1.1.2)
PPCWebMultiSelect (Version: 1.4.6)
ProSeries 2005
ProSeries 2006
ProSeries 2007
ProSeries 2008
ProSeries 2009
ProSeries 2010
ProSeries 2011
ProSeries Basic Edition 2005
ProSeries Basic Edition 2006
ProSeries Basic Edition 2007
ProSeries Basic Edition 2008
ProSeries Basic Edition 2009
ProSeries Basic Edition 2010
ProSeries Basic User's Guide 2007 (Version: 1.00.000)
ProSeries User's Guide 2007 (Version: 1.00.000)
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
PSSWCORE (Version: 2.03.0000)
QuickBooks (Version: 21.0.4003.904)
QuickBooks Premier: Accountant Edition 2008 (Version: 18.0.4001.606)
QuickBooks Premier: Accountant Edition 2011 (Version: 21.0.4003.904)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Signature995
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.154)
SlingPlayer (Version: 1.04.0206)
Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)
SOSO AddressBar Search (Version: 5.0.2.18)
Sticky-Notes (Version: 1.110)
STREET FIGHTER IV (Version: 1.00.3013)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 11.2.0.0)
TFP for 2008 (Version: Tax Year 2008)
UltraMon (Version: 3.0.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors software (Version: 2.7.44)
VersaCheck 2007 for QuickBooks (Version: 9.0.24.1)
VideoToolkit01 (Version: 110.0.171.000)
W-2 Express Enterprise 2009
W-2 Express Enterprise 2010
W-2 Express Enterprise 2011
WexTech AnswerWorks (Version: 1.00.000)
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) (Version: 04/29/2008 2.5.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3068.46 MB
Available physical RAM: 1858.92 MB
Total Pagefile: 6337.92 MB
Available Pagefile: 4830.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:224.09 GB) (Free:108.35 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:8.79 GB) (Free:1.62 GB) NTFS

========================= Users: ========================================

User accounts for \\OFFICELAPTOPHPH

Administrator ASPNET Eric
Guest Logmeinbackup LogMeInRemoteUser


**** End of log ****


Report •

#8
May 27, 2012 at 00:20:00
really appreciate the help. thanks


Report •

#9
May 27, 2012 at 00:38:17
Thanks for the log, there is one entry I want to double check using rootkit-buster.
I would like to download and run rootkit-buster from this link:
http://free.antivirus.com/rootkit-b...

In post #1 You mentioned Rogkill? Did you mean Rkill?

Please reply and let us know if our help worked.


Report •

#10
May 27, 2012 at 15:45:50
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1061
| Computer Name: OFFICELAPTOPHPH
| OS version: 6.0-6002
| User Name: Eric
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\Cache\ERIC-PC
SubKey : ERIC-PC
FullLength: 59
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\Data\IdList
SubKey : IdList
FullLength: 57
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\Data\Users
SubKey : Users
FullLength: 56
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\MainDB\Users
SubKey : Users
FullLength: 58
4 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeKey
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x8260c609
CurrentHandler : 0xa9fa4004
ServiceNumber : 0xb5
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeMultipleKeys
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x8260ba81
CurrentHandler : 0xa9fa40d4
ServiceNumber : 0xb6
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x8266dfae
CurrentHandler : 0xa9fa3d76
ServiceNumber : 0xc2
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x8263e143
CurrentHandler : 0xa9fa3e1e
ServiceNumber : 0x14e
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x82669534
CurrentHandler : 0xa9fa3eba
ServiceNumber : 0x14f
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path : C:\Windows\system32\DRIVERS\avgidsshimx.sys
OriginalHandler : 0x8265a92d
CurrentHandler : 0xa9fa3f56
ServiceNumber : 0x166
ModuleName : avgidsshimx.sys
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.


Report •

#11
May 27, 2012 at 15:46:16
btw, yes it's rkill.

Report •

#12
May 27, 2012 at 23:46:02
Lets see the logs of these please.

tdsskiller
malwarebytes

rogkill
hitman pro


Report •

#13
May 28, 2012 at 01:42:25
Ok the Rootkit-Buster log looks ok.
Before you send the requested logs in, could you run the programs again. But this time they need to run as follows.
1) Rkill
2) Malwarebytes - full scan
3) HitmanPro

Please reply and let us know if our help worked.


Report •

#14
May 28, 2012 at 01:55:28
I would like to see the logs of the 1st scans, just to see what happened.

Report •

#15
June 3, 2012 at 18:16:27
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/03/2012 at 17:39:16.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe


Rkill completed on 06/03/2012 at 17:39:21.


Report •

#16
June 3, 2012 at 18:17:14
alwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Eric :: OFFICELAPTOPHPH [administrator]

6/3/2012 3:51:58 PM
mbam-log-2012-06-03 (17-17-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 473401
Time elapsed: 1 hour(s), 18 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Eric\Downloads\avganti-virusfreeedition.exe (PUP.BundleInstaller.OI) -> No action taken.

(end)


Report •

#17
June 3, 2012 at 18:20:10
sry for the late reply but work has been busy and i just had to live with this redirect.

i posted log from Rkill, mbam.....for hitman pro, i lost the log but it detected bunch of tracking cookies and a file called w2setup.exe and indicated that it was a trojan. but i know it's a false positive as this is a program that i use.

the redirect is there after running the above.


Report •

#18
June 3, 2012 at 19:20:01
From the MBAM log.

"Files Detected: 1
C:\Users\Eric\Downloads\avganti-virusfreeedition.exe (PUP.BundleInstaller.OI) -> No action taken."

If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...


Report •

#19
June 3, 2012 at 19:23:58
Run combofix as already mentioned.

ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
How to uninstall combofix
http://www.myantispyware.com/2008/0...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


Report •

#20
June 5, 2012 at 18:31:51
i ran combo fix. the redirect problem is still there.

about to give up here...


Report •

#21
June 5, 2012 at 19:07:25
"i ran combo fix. the redirect problem is still there"

Now follow this guide.

http://www.selectrealsecurity.com/m...


Report •

#22
June 6, 2012 at 00:40:36
spent 3 hours following the guide, did every step. redirect still there.

this is very frustrating.

somehow explorer is not affected, maybe i should just get rid of firefox or clean install which is going to be crazy....


Report •

#23
June 6, 2012 at 03:17:50
Just a thought. Could you go to the Tools menu in your FF browser, and click Add-ons. See if there are any add-ons that you didn't install? XUL Cache is one to keep an eye out for.

Please reply and let us know if our help worked.


Report •

#24
June 6, 2012 at 04:16:47
firefox redirect

http://is.gd/SRuBOQ


Report •

#25
June 28, 2012 at 10:21:38
In your address bar, type in: “about:config”

Inside of the filter search box, type in:

browser.search.defaultenginename

Double click that entry (or right click and choose “Modify”) and then type in the name of the search engine you wish to have as the default search engine. It must be one that you already have installed and also make sure you type in the name correctly.

Now if you type in “Yahoo”, restart Firefox and when your browser comes back up you will see the red Yahoo “Y” and Yahoo as your default search engine.

Report •

#26
June 28, 2012 at 12:29:28
Browser virus.
Anything that redirects you to another website, such as going to Google or Yahoo! is a browser virus.
Whatever you did up until you first faced the problem, retrace your foot steps and delete and uninstall them.
Most anti-viruses hardly detect browser viruses.
Which is sad.
I recently... (past 48 hours) got a browser virus that was linked to one of my CNET downloads. The download came with this "Blekko" toolbar, and as well ans some "Anti-Phishing Domain Adviser"...
After hours and hours of virus scans in normal mode and safe mode (Using Avast!, and Malwarebytes), AND uninstalling my browser, the redirecting of websites still came about. (Using Google Chrome)
I looked up reviews of that anti phishing adviser crap, and it turned out to be the source of the problem.

Report •

Ask Question