Tech Problem Aggregator

# Auto redirect to unknown site when visiting Friendster

Q: Auto redirect to unknown site when visiting Friendster

I have a problem when visiting Friendster webpage with my Microsoft Internet Explorer 6.0.

Whenever i type in the url of Friendster the webpage will automatically redirect to an unknown website.

It's getting on my nerves as i can't go to Friendster. However, there's no problem if i'm using the web browser of RealPlayer.

A: Auto redirect to unknown site when visiting Friendster

Hello and welcome to Techspot.

I have just checked out the site you refer to with both Firefox and IE with no problems.

I would suggest therefore that your IE may have been hijacked.

Go Here and follow the instructions.

Regards Howard :wave: :wave:

1 more replies

Hello.

I've not had this happen to me before. On visiting "RosariansCorner" I receive the attached message.

I can get to the site through the cached sites in Google but can't navigate the actual site.

Have you come across this before. Other sites are fine. I'm using Firefox and Windows XP.

Thank you.

Penny.

More replies

I made a search for the above problem with google and lead me here. I downlowded Combo fix and I finally got this log:ComboFix 10-04-21.01 - vasilis 26/04/2010 11:39:37.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2047.1558 [GMT 3:00]Running from: c:\documents and settings\vasilis\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\0fkk02x.exeC:\9jyhdim8.exeC:\autorun.infC:\chxnxyx.exec:\docume~1\vasilis\LOCALS~1\Temp\cvasds0.dllc:\docume~1\vasilis\LOCALS~1\Temp\cvasds1.dllc:\docume~1\vasilis\LOCALS~1\Temp\herss.exec:\documents and settings\vasilis\Recent\.pifC:\dqm.exeC:\utcddeq.exec:\windows\system32\SHELLLNK.TLBC:\wyskq6lt.exe.((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 ))))))))))))))))))))))))))))))).2010-04-26 06:08 . 2010-04-26 06:08 128512 --sh--r- C:\hc3hvi0.exe2010-04-24 05:58 . 2010-04-24 05:58 128000 --sh--r- C:\twhvna.exe2010-04-22 06:03 . 2010-04-23 06:32 128512 --sh--r- C:\vgyn6ewc.exe2010-04-19 06:27 . 2010-04-21 06:26 127488 --sh--r- C:\r3fhr.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-26 07:55 . 2009-02-09 14:05 10 ----a-w- c:\windows\popcinfo.dat2010-04... Read more

A:Problem visiting mcafee site

10 more replies

Hey all Iam tryinng to fix my parents computer. They keep getting "warning visiting this site may harm your computer" when in I.E. I understand this is Malware but shouldnt of Norton 360 have caught this?Anywayz here's the HiJack this LOG, Iam also trying to learn so If someone can explain what iam looking for in this log?Here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:03:07 AM, on 7/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\RealVNC\VNC4\WinVNC4.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Expl... Read more

A:warning visiting this site may harm your computer

Here is the DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 10:49:09.23 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.996 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe

3 more replies

Hello,

I am running a P4 Q6600 with Windows XP SP2. I use Firefox, just updated to 12, and have AVG 2012 loaded
(unfortunately, it lists my current AVG Safe Search as incompatible with Firefox 12).
I went to a legitimate business website, and apparently the website has been recently hijacked because
instead of the expected content (that was in the Google cache), an illegitimate-appearing virus warning
appeared in the browser window. I closed the window, but found thereafter that when visiting google.com with Firefox,
Firefox always said it was "Connecting to 213.174.137.82...". This is my main symptom. I didn't observe
this on other intact computers, but I found others on BleepingComputer that had infections associated
with this address (such as http://www.bleepingcomputer.com/forums/topic445802.html, but with slightly different
symptoms -- Google seems to work okay for many searches in my case). I don't perceive significant slowing,
but strangely after running DDS and GMER for a while, my mouse stopped working (I plugged in another one
and it worked for a short while but also stopped) and I started getting delayed write errors. Upon rebooting, the computer
seems to work okay but it still displays the "Connecting to 213.174.137.82..." message with Firefox browsing google.com.

I visited the business website that seemed to initiate the problems again but on a Linux computer, and
I found the URL redirected to a suspicious-appearing .ru address, wher... Read more

A:"Connecting to 213.174.137.82..." appears after visiting hacked site

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

14 more replies

after i restarted my computer everything looked to be fine until i went on to craigslist and all of the sudden this malwareweblink.com (http://malwareweblist.com/block.php?id=2036-2&url=http://vancouver.en.craigslist.org/forums/?act=Q&ID=144014843)

took over the screen and says my computer is at risk and it gives me two options

continue unprotected or get security software

i am running avg for firwall spyware and antivirus. this doesnt only happen with only craigslist it happens with almost every website i go to. not every time either but 50% of the time.

if i click continue unprotected it goes back to the website i was previously at but then pops up again. so i tried to click get security software and it takes me to a website to purchase antivir antivirus (http://malwareweblist.com/1/?id=2036-2)

so i belive this is a virus or somthing so if anyone can help me with this problem would be great thank you

please see the attachments as well

A:Warning! Visiting this site may harm your computer!

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies

Hi,

I need your help. My website "http://www.how-to-manifest-your-desires.com/" is listed by Google as a dangerous site that may harm your computer. The problem is that I don't know how to fix the problem. I have looked through the code to see any suspicious code but cannot see anything suspicious.

I'd appreciate if someone perhaps has experience with this sort of thing. See warning message below!

Thanks,
Jimmy

---------------------------

Warning - visiting this web site may harm your computer!
Suggestions:
Try another search to find what you're looking for.
Or you can continue to http://www.how-to-manifest-your-desires.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

More replies

This problem has been very persistent and whatever I do I can't seem to get rid of it! I've included screen shots below. The jist of this is whenever I go to a website (doens't really matter which one) i get those errors! I am running Windows XP Service Pack 2. If you would like more information just ask.http://i16.photobucket.com/albums/b40/boog...galz92/wth2.jpghttp://i16.photobucket.com/albums/b40/boogaboogalz92/wth.jpgI'm guessing it's the same problem as this guy had... http://www.bleepingcomputer.com/forums/t/167891/what-if-i-dont-want-to-buy-their-anti-spyware/Stating that, I've already done what the guy said in post number 2 (with the Malwarebytes' Anti-Malware program) Here's my log:Malwarebytes' Anti-Malware 1.28Database version: 1166Windows 5.1.2600 Service Pack 22008-09-17 20:14:11mbam-log-2008-09-17 (20-14-11).txtScan type: Quick ScanObjects scanned: 47395Time elapsed: 3 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 1Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{7221E2B7-FFBF-337E-7121-006F0D253BCC} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.HKE... Read more

A:Warning! Your Pc Possible Infected Due To Visiting Exploited (hacked) Site...

Hi, you know it's bogus when you see the grammar they used in link two.Warning! You infected by this siteOk good did you do the needed reboot? If not do that. Then check for an update to MBam,rescan and post another log.

12 more replies

My friend's computer got infected with some worm after visiting some porn site and as a result internet explorer would ot start. Everytime we tried to start iexplorer, it would say "C:\WINDOWS\mslk.exe
the NTVDM CPU has encountered an illegal instruction
CS:Odc9IP:011aOP;65 63 75 72 69 Choose 'Close' to terminate the application"
and a variations of other names like "C:\Windows\sdklg.exe or ~mfcrd.exe and poj32.exe...keeps
changing everytime wetry it. Well this is the hijackthis log and it would be nice if someone could help. Thanks!!!

"Logfile of HijackThis v1.97.7
Scan saved at 2:14:03 AM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

A:internet explorer not starting after visiting porn site

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tcjwo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tcjwo.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5C397BB2-36D2-F787-9AA2-DB56173763F4} - C:\WINDOWS\msbb.dll
O2 - BHO: (no name) - {38F40F5F-D7CE-40CE-88E6-C0F5381FA3B6} - C:\WINDOWS\System32\nakob.dll
O4 - HKLM\..\Run: [appwh32.exe] C:\WINDOWS\appwh32.exe
O4 - HKLM\..\RunOnce: [ieuu.exe] C:\WINDOWS\system32\ieuu.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\S... Read more

3 more replies

Any time I try to access the internet I get " Internet Explorer Warning - visiting this web page may harm your computer".
I can't access the internet from that computer.

If I try to run any programs I get "Security Warning - Application cannot be executed. The file is infected. Do you want to activate your antivirus now?"

Can you guys help?

Thanks
Tim

A:Internet Explorer Warning - visiting web site may harm your computer

Never mind fellas... I fixed it myself!

Thanks anyways!!

1 more replies

I was able to kill it with RKill, but there are still some lingering issues going on.
When I try to connect to the internet via Google.com I get this message "Internet Explorer Warning - visiting this web site may harm your computer!"
I have run Malwarebytes and Microsoft Security Essentials.
They have removed numerous Trojans etc, but I still get the Internet Explorer Warning - visiting this web site may harm your computer!
When I tried running HIJackThis, I get a message "For some reason system denied write access to the Hosts file...."

Any clue how bad it really is?

Thanks,

Gilly68

A:Internet Explorer Warning - visiting this web site may harm your computer!

2 more replies

Was on a website called coolwallpaper.com or something like that and as soon as I got on it spyware doctor went off blocking threats, then a window popped up which appeared to be scanning my pc for viruses which was a program I dont have on my pc. I ran malwarebyes and tried to remove some of the stuff wanted to make sure I got every thing.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:52:21 PM, on 1/25/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\Program Files\Java\jre1.6.0_06\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM6\aim6.exeC:�... Read more

A:PC under attack after visiting a wallpaper site, Hijack report included

2 more replies

I have an infected laptop running XP Pro SP3. It had Spyware Protect 2009 on it but I was able to stop the sysguard.exe process and delete sysguard.exe from the Windows subdirectory and from the HKEY_CURRENT_USER\....\Run registry hive. There is still at least one other major problem. IE 7 is redirected to display "internet explorer warning visiting this web site may harm your computer" most of the time. I can get to google sometimes and even search something but when I try to follow a link - I get the redirection message. It also prevents me from running a system restore and most of the scanning software such as malwarebytes, SDfix and several others. I was able to run HijackThis but when I tried to post the report, it redirected me again so I saved the log file to a thumbdrive and logged onto an uninfected computer to post this.

I'm attaching the log file.
hijackthis.log   10.75KB

A:internet explorer warning visiting this web site may harm your computer

2 more replies

Whenever I click on a link, even if it is a link presented by Google as a result of a search, I am often taken to various different web sites I never heard of before. My husband is very computer literate but does not feel comfortable fixing this without your advice.

When I tried updating my PC-cillin information I got an error saying, "Update unsuccessful. Check your Internet connection, and then try again. Consult the Online Help for additional instructions. (-1)"

We think this could be a result of being highjacked. We do have internet connectivity. For example this message is being sent from the computer that is having the problem.

Here's my DDS log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Lorri qwert at 19:38:37.81 on Thu 04/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.151 [GMT -7:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)
FW: PC-cillin Internet Security - Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe

A:Clicking a link for a web site takes me to unknown site instead

14 more replies

Hello all.

Everytime I go to a websitr I get an antivirus popup, or a popup that has something to do with the site I visited.

For example if it was a Sports site, I may get a popup for NFL clothing.

Here is my LogFile, Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:56 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\NMSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

A:Antivirus Popups, popups that are similar to the site I am visiting

bump, anyone?

2 more replies

Anyone else getting that old Google bar when visiting a Google site with Edge?

A:Anyone else getting that old Google bar when visiting a Google site ..

Yup..shows up here.

20 more replies

Hi
Recently, when I click a link brought up from a Google search it opens a new window and the first time I click the link it takes me to a different site than the link should. This happens in Safari 4.0.5 and IE8.
Also, my wife purchased a train ticket online and 1 hour later we had a phone call from the bank suggesting fraudulent use of the card detailed she had entered. I do not know if this is related but am very concerned. I was running AVG but uninstalled as it was showing no errors and Combofix didn't want it running when it was scanning.

I have found a few similar posts and therefore have down loaded and run:

Combofix.exe - ran this first and theno I rebooted
Hijackthis - ran this, have not rebooted since

The problem appears to be resolved as the links open in the same window correctly now but here are the logs from my scans, can you please confirm if I have removed all the malicious software?

Combofix log:
ComboFix 10-05-08.03 - Mat 09/05/2010 13:05:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1180 [GMT 1:00]
Running from: c:\users\Mat\AppData\Local\Temp\af9jj5r9.tmp\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe3201.dll
c:\windows\system32\spool\prtprocs\w32x86\0000421c.tmp

.

Hi
Have I supplied incorrect information on this thread or are there no issues remaining with the PC?

Any assistance anyone can provide would be much appreciated?
Thanks

1 more replies

Hello,

I downloaded Internet Explorer 8 and it works perfectly fine. The only problem is it won't let me access www.friendster.com.
Your immediate feedback will be highly appreciated.

Thank you,

J

More replies

When i pasted a layout code on my page,it does not work.Instead it shows the entire code on my page!When i deleted the code,my profile does not change!It still shows the code!What can i do?

More replies

lately i found it too difficult to open the friendster's homepage : www.friendster.com. an httpp 400 bad request appears each tym i try. I dont know exactly what causes this error. I have no problem accessing other websites. i am using windows vista. below is the http 400 bad report:

The webpage cannot be found
HTTP 400
Most likely causes:
?There might be a typing error in the address.
?If you clicked on a link, it may be out of date.

What you can try:

Go back to the previous page.

Go to and look for the information you want.

This error (HTTP 400 Bad Request) means that Internet Explorer was able to connect to the web server, but the webpage could not be found because of a problem with the address.

More replies

i can't connect to facebook & friendster website.. but google and other website is good. any idea?? i search for this problem and try to delete some cookies. and firewall setting.. i have this problem before. and solve it. this is what i do.
1. in firewall.. my firewall is off.
2. i turn on the firewall and wollaaa its working..

now i have a problem again opening friendster & facebook.
and i try to do the same way. but now it's not working so any one please help me..
this the page view.

Network Error (tcp_error)

A communication error occurred: "Connection refused"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your network support team.

More replies

Hi! Attached here with is the ActiveScan from Panda Security.

I hope you could help me with my problem. My friendster page is not loading its images.

Hello, KLyTH
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them i... Read more

2 more replies

A couple of weeks ago I woke my computer up from stand by to find three programs running that were not running when I left. Whitesmoke translator was downloaded and installed into my computer without my consent. I ran a full virus scan using Trend Micro and deleted any viruses that were found. I then purchased Malwarebytes and ran a full scan and again deleted any viruses found. I enabled Malwarebytes' website protection and since then I have been getting notices of ips that were successfully blocked (62.122.75.136, 62.122.75.138 are a few that were just blocked but there are others with not so similar ip addresses). I am also being receiving a wal mart pop up and being redirected to a website called cr0zybanner.com every 20 or so minutes. Could someone please help me remove whats causing these problems? I also do not have a backup copy of my windows xp disk. Thank you for your time.

DDS (Ver_10-11-27.01) - NTFSx86
Run by David DiGiovanni at 21:28:07.21 on Mon 11/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2211 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe

A:Auto run program and web site redirecting

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special r... Read more

16 more replies

How do you get IE8 to automatically translate a website, and display site, in your language?
Neither my XP or W7 machine, both use IE8, will show me a german site in english. I used to go to the site in IE7 and it would be in english, now nada.
I'm not interested in changing browsers so please, do say use firefox, etc.....

ty

A:Foreign Site Auto-Translation

I use Bing Translate, included in IE8.

Click Page menu, hover (don't click) over Translate with Bing. A small window opens, you can choose original language and to with language you want to translate. Usually I just click Translate this page and let Bing auto-detect the original language.

Kari

Image 1 (choosing translate feature):

Image 2 (Bing translate shows original and translated page side by side):

1 more replies

Ive configured Security level for Internet Zone as High with these customs:
run ActiveX controls and plugins enabled;
script ActiveX controls marked safe for scripting enabled;

Quote:

miscellaneous {some are default}
access data sources across domains prompt;
allow webpages to use restricted protocols for active content prompt;
display mixed content prompt;
drag n drop / copy n paste files prompt;
submit non-ecrypted form data prompt;

active scripting enabled;

i entered this site and it automatically redirects to youtube dot com main site.

also my google MAIL can't open (left click) a link within the message body. It goes blank tab. the workaround is CTRL + Lclick. Or Rclick + open new tab.
Regards

I just went to the link as well and it took me too Youtube.

For google mail have you tried to clear the temp files?

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):Empty Recycle Bins
Delete Prefetch files (if present)
Cleanup! All Users
Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and Do Not reboot when prompted.

1 more replies

Hey all

It looks like it is PHP.

I was able to do this with a different website which had direct links to MP3s and you save target as with a firefox addon. Is there a way to do the same auto-download process with the site I linked?

More replies

Hello! Good Day...

I have a problem with my PC. I was trying to login to my Yahoo Messenger using my account. but i was not able to login successfully. if you are familiar with Yahoo Messenger, the window that appears when you entered a wrong password came out. but i tried many times to enter the password. My sister also tried entering hers' its the same result. We tried logging in Friendster and Hotmail, its the same result. we cannot login to this kind of sites. we haven't tried other sites with the same function like friendster.

i dont know if this started because of my security software did not function properly. I bought this security software months ago. at first it was okay. then when it did not function properly, i cannot login to the said sites. I tried contacting the support unit of this software and there solutions were not getting the problem solved.

I tried searching for online help. i stumbled with one of your solutions to a problem of a guy regarding logging in. one member said to go to a site (www.kaspersky.com/virusscanners) to perform an online scan. i visited that site. But i was unable to get an online scan going because it says that the online scanner is expired. the installation of the online scanner was successful but when the virus definition initializes. it failed.

how can i solved my problems? is it my security software causing the problems? am i infected with a virus already?

A:Cannot Login to Yahoo Messenger, Friendster and Hotmail

Bump

1 more replies

To whom it may concern

Currently my Internet Explorer always pop up www.g2g2.net web site after 2 minutes each time when I launch my IE8. How can I remove this pop up web site (it shows Arabic word in the web page)?

I did use Windows Essential Security but it did not detect any virus / malware.

Thanks

A:Internet Explorer auto pop up www.g2g2.net web site

3 more replies

Avoid Friendster and its clones, warns security expert
By Andrew Orlowski in San Francisco
Posted: 10/02/2004 at 03:08 GMT

Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good-measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - make a mockery of existing data protection legislation.

"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University.

Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either.

The Register

More replies

(NOTE:  Links open in a new tab.)
In the TechNet article
here I see reference to a schema v.2 for the EMIE tool. It will apparently spit out the xml using the new version 2 of the schema. But the download link only goes to downloads for Win7/8 (schema v.1), and I cannot find any reference to where I can obtain
the Windows 10 version.
For example,
this one references Windows 7 and 8.  Finding the Windows 10 version has proven impossible so far.
We have several sites which need to be opened in IE instead of Edge, and using our old Enterprise Mode site list is not working on our Windows 10 clients.
Current site list example:
<rules version="4">
<emie>
<domain exclude="false">www.contoso.com</domain>
</emie>
</rules>

Etc.
v.2 schema leads me to think that the output from the tool is incorrect.  The documentation suggests that the output for Windows 10 should be:

<site-list version="205">
<site url="www.contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>

Or am I missing something here?

More replies

I've searched all over the place for this same issue with no luck. I've come IE won't save passwords, IE won't prompt to save passwords, and IE won't save passwords on certain sites, but I have been unable to find why on one computer it will prompt to save
the password for a site but it won't prompt to save on that same site on a different computer with the same browser.

So let me start by saying this, both computers are the same model, have the same OS, and same version of IE. (Dell OptiPlex 3010, Windows 7 Pro SP1 x64, and IE 11). I have verified the site in question allows passwords to be saved. It works on one computer
and not the other. Even if we try the same username. The company that runs the site has also verified this (Can't post the site name for privacy reasons).
I set this new user up on this computer and have done the following:
1. Made sure that prompting to save passwords was enabled in Internet options
2. Reset IE to defaults
3. Added to site to compatibility list
4. Added site to trusted sites
5. Restarted computer
6. Tested password prompt worked on another site
I know this is kind of vague, but if I am missing anything it would be greatly appreciated if someone could point it out.

More replies

Hi, when using Google Search then clicking on any finding IE is blocked. I can see an unknown address shown in address bar, i.e. http://www.aggoontirnhe.com/search.php?q=google%2Blink%2Bblocked&n=1291882329 It vanishes when mouse pointer is placed on address bar then it reappears.

I have tried many antispyware or malware applications but no one was able to remove or to locate this parasite.

A:IE address bar is hijacked by unknown web site

2 more replies

I need support(drivers and instruction) to reinialize my laptop PC, but it is unknown in the toshiba internet site. Why this?

Toshiba PcDiag report:
Data 2012/01/03 08:06:00

[Informazioni sul PC]
Modello Satellite M70
Numero parte PSM70E-01100JIT
Numero di serie Z5265264K
Versione sistema operativo Microsoft Windows XP Home Edition 5.1.2600 Service Pack 2
Versione BIOS V1.10
CPU Intel(R) Pentium(R) M processor 1.73GHz
Memoria fisica 2048MB RAM
Capacit? disco rigido 80,031,974,400 [Byte] 74.536 [GB]
Capacit? spazio libero su disco rigido11,920,052,224 [Byte] 11.101 [GB]
Video Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family versione=6.14.10.4363
Risoluzione schermo 1280 x 800 Pixel
Colori True Color (32 Bit)
Audio Realtek AC97 Audio versione=5.10.0.5870
Rete Realtek RTL8139/810x Family Fast Ethernet NIC versione=5.621.304.2005 Indirizzo MAC=00:0F:B0:A7:7E:DF
Intel(R) PRO/Wireless 2200BG Network Connection versione=9.0.2.25 Indirizzo MAC=00:01:02:03:04:05
Modem TOSHIBA Software Modem versione=2.1.51.0
Dispositivo IDE 1 MAT****A DVD-RAM UJ-841S Versione firmware=1.50
Dispositivo IDE 2 (Nessuno)
Dispositivo IDE 3 ... Read more

A:Re: My Satellite M70-165 is unknown in the Toshiba site

> I need support(drivers and instruction) to reinialize my laptop PC, but it is unknown in the toshiba internet site. Why this?
It is not possible. Do you know why?

Old models are listed in option ARCHIVE.

2 more replies

To what extent can I be 100% certain what is in my friends' internet history was physically done on her computer? He has a yahoo account (both in the email internet history and in the C://programfilesyahoo/messenger/profiles that he swears he has never seen before.
If it was malware, would it still have appeared in the history?

I would forever be in shame if I wrongly accused him of being this screenname.
very concerned

A:unknown site on internet history

6 more replies

I am haveing problems with websites being redirected, random sites popping up at all times, sites just shutting down, and no sound on my youtube videos.

I have ran Norton, Malmarebytes, and Spybot with no success.

I accidently ran Combofix and then uninstalled it.

THANK YOU!!!!!!!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Crystal at 4:06:45 on 2011-07-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.153 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\lg_fwupdate\fwupdate.exe

A:Site redirect, random popups, random site shutdown

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.

9 more replies

I'm using Windows 7 Professional on an HP Elitebook 8560p laptop.  I'm using AVG Free and also frequently scan with SpyBot Search & Destroy, MalwareBaytes, and SuperAntiSpyware.

I went to a sports streaming site that is apperantly just a malware server because I immediately started getting all kinds of popups and my browsers had toolbars installed and the home page and search engines were changed.  I identified several programs that were installed and uninstalled them.  AVG detected (I think) a few files identified as Trojans and also prevented communication to some address.  I update and ran full scans with the three utilities mentions above and all found and cleaned trojans, adware, and PUPs.

All three scan clean now and in FireFox I've remove toolbars and reset my home page and search engine.  I'm still experiencing long delays while going to any site and "feeds.webmakerplus.info..." and other site names show as being contacted during the delay before the web page dispalys.  I'm also seeing some popup windows and embeded ?ads? in pages that is not normal.  Apperantly, I'm still infected in some way.  Help.  Thanks.

A:Browsers talking to unknown site(s) and getting popups, etc.

4 more replies

There's a website that, for some reason, I cannot connect to. Each time I try to, Firefox just gives me the old error:

The server at metal-archives.com is taking too long to respond.

(the site = http://metal-archives.com/ by the way)

The same thing happens on all of my web browsers, and in fact no computer on the network at my house that's connected to the Internet can go to the site, though I know it's not down. I'm not IP-blocked from the site, and I can still visit it through proxies.

What could be causing this, and what can I do about it? I hate having to go through a proxy everytime I want to use it. :/

A:I cannot connect to one specific site for some unknown reason.

Hello and welcome to Techspot.

It may be something to do with your ISP. Hence why using a proxy lets you contact the site.

The reason I say this, is because my ISP has been having a few problems lately and Ive had the same problems connecting to certain sites, although in my case the problem is intermittent.

Contact your ISP and see what they say.

If it turns out its nothing to do with your ISP, then I don`t know what the problem is.

Regards Howard :wave: :wave:

2 more replies

I am using a toshiba satellite laptop with windows 7 64 bit version. I have been using Firefox as my default browser. I also have IE and google chrome. In the past three days, whenever I click on any of the search results in google, it gets automatically redirected to some random website. I have noticed the website blinx opening more than once. It is really frustrating. Initially I thought that the problem might be with the browser add-ons or extensions and I uninstalled Firefox altogether and switched over to Chrome. But the same problem exists. Following the instructions, I am pasting the DDS log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Lirin at 21:47:32 on 2011-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3894.1151 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

A:Google searches are being redirected to unknown site

32 more replies

For every link or website that is down or is dead, I now get redirected to the above site.The site is very deceiving. You can only find some info if you click on privacy or legal details on the bottom of the webpage.

The results when redirected have me search for things including a big ad for malware removal.

I ran McAfee and SuperAntispyware. Both yielded no malware, just the usual cookies from casalmedia etc with SA.

Thank you

Edit: I just tried the dead links on my iphone. i have also been redirected to the same site.So perhaps this is a router, network. or ISP issue?

A:404 Page redirects to unknown site: DomainSponsor

What are some of the links?

3 more replies

Spyware that has so far not identified itself. This is a used computer that I've owned for several months and has run fine until yesterday so I assume it's my fault, but I don't know the history of the computer. I installed MalwareBytes, and it scanned and removed some objects, but would only work in safe mode. When I rebooted, MalwareBytes would alert me to malicious internet access and then my computer would hard reset. I had to restore to a previous restore point before installing MalwareBytes and now my computer will occasionally hard reboot for no reason. If I attempt to go to the lavasoft site I am redirected to different sites, ave 99, validclick.net, the-consumer-reporter.org. And several others. The spyware has not identified itself in any way. I know you're very busy, any help is much appreciated. Thank you so much!

A:Unknown Spyware, redirects ad-aware site to ave 99

Solved my own problem. Thanks for the site though. Many people stuck like myself are extremely grateful to have a place to turn for help!

2 more replies

I've become the unofficial network admin at my work place, we are having some network connection issues and I have no idea what's causing it. This problem only started occuring about 3 weeks ago, there haven't been any changes made to the configuration of the network. The network has 1 linux server, 7 computers, and 2 network printers. The router we are using is a D-link DI-604, there are 2 d-link switches connected to it, as well as a d-link DWL-900AP+ wireless access point. Sometimes when we arrive in the morning and turn on the computers, some of the computers cannot acquire a network address. Loading the router configuration page shows the dhcp server leasing IP's to an unknown device, screen shot is attached.
The mac addresses of all known devices connected to the network (computers, printers, server) begin with 00, i don't know what the device with mac address beginning with 52 is but the dhcp server is leasing all the unused ip's to that device.
Anybody have any ideas?

A:auto dhcp ip lease to unknown device?

10 more replies

I've looked absolutely everywhere I can think of and I can't find a way to disable auto-joining unknown networks. There has to be a way to do it, otherwise that would be a huge security flaw. When in range of my own router or any other access point I have saved, it's fine. However, When I take my laptop elsewhere, it automatically joins unprotected networks, which I don't want to happen. How can you stop Windows 7 from automatically joining unknown wireless networks?

A:Disable WiFi Auto Join Unknown Networks

Turn of the radio button maybe?

2 more replies

Hello, i am running to a big concern on my computer. when i turn on the machine on the login screen it sort of tries to login, but since it has a password it fails. then when i login it tries to open an unknown file. am i infected or is it a problem with the OS configuration ?

PD.: I hope the post belongs here, since im running windows 7.
This file i found it "C:\Users"

I just did a search of the file, and this is where i found it. I opened on the note pad and it had nothing written in it.

Video Update:

A:Startup failure and auto start an unknown file

It's not clear from your post...is the computer usable?

4 more replies

Hello, I am using windows XP 2000 service pack 3. Since last week whenever I start windows internet explorer stars with site India Study Channel. When I close the explorer and reopen it everything is ok and internet explorer opens with my home page i e google.com. Please help me to solve whether it is a work of malware/spyware?. Your guid/ help in this regard will be appriciated. My Hijackthislog is as under:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:33 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\etMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\Cyberoam... Read more

A:Solved: Internet Explorer stars automatically with unknown site

9 more replies

Not sure what the problem is , nothing came up in malware bytes or spybot. Also Eset antivirus only goes off when the browser actually tries to open the other windows (which is usually a ton) Below is the hijack this log. Thanks in advance:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:06 PM, on 4/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe

A:Explorer & Firefox both open multiple browsers with unknown site

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies

Hi, so just yesterday, between 12.53am to 12.57am. Mails have been sent through my email [[email protected]] to all my contacts. The Mails are sent in groups of 5.

In total, there are 18 sets of the group of 5. That makes 90 mails being sent through my email. Every set of mails contains a different link (I believe it all leads to the same place)

They are such as:
hxxp://ow.ly/3NACS
hxxp://ow.ly/3NyRz
hxxp://ow.ly/3NzHZ
hxxp://ow.ly/3NAvf
hxxp://ow.ly/3NzDy

There is no subject, only a link as such of above. When I clicked on sent messages, I could see these messages being sent.

Actions I have done to fix the problem:

Scanned with Spybot Search & Destroy [Nothing found]
Scanned with McAFee Security Center [Nothing found]
Scanned with Malwarebytes' Antimalware [Nothing found]

This is my log of Hijackthis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:01 PM, on 3/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

A:Unknown virus, Auto forwarding mails with links to all my contacts.

2 more replies

Several times per day when interacting with my web browser (Chrome), a new tab will open of it's own accord and try to go to a site. Sometimes this is as seemingly innocuous as Fanduel.com, but more often than not the destination is a malware attack site. These seem to be mostly getting caught by my A/V solution (Norton), but it is just a matter of time... I have tried Malwarebyte scans, updated Norton AV scans, etc. Nothing is picking up the problem... Please help!

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by clm8328j (administrator) on PCZILLA (21-10-2015 20:40:00)
Running from C:\Users\clm8328j\Desktop\Temp\Clean Up
Loaded Profiles: clm8328j (Available Profiles: clm8328j)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officecli... Read more

A:Unknown Browser Malware Chrome periodically opens a new tab for a malicious site

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-438002701-1874782341-4271311250-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-438002701-1874782341-4271311250-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-438002701-1874782341-4271311250-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

2 more replies

Dear TSF,

In later, my computer has been infected by some kind of trojan or something. Neither AVG, Norton or Avast can find anything suspicious.

Each time i access a folder (not everyone actually, but the major part) or the Local Disc, i get a popup:

After that it redirects to a site, made to look like the My Computer design, and a button to download something. the site is hxxp://sc.videofreeforonline.com/id/4912933/4/1/ (The site doesn't give any malware, but i do not recommend clicking the link)

This does not only slow down my browsing, but also i guess its a threat to my computer/network.

Regards, ghcBuG - "Computer n00b"

A:Unknown Trojan - Popups everytime i access folders - Site redirecting

I fixed it! (I think atleast) With the help of this forum, guiding of HijackThis i managed to find a file in windows named OSMA - rgf.dll

I was able to delete it. Since then i haven't had any popups or any site redirecting! So all of you with a similar problem, try to do the same (but dont play with HjT too much.
Moderators can close this topic as long as they dont want to search my computer for more infections, lol.

THX
ghcBuG - Computer pro!

1 more replies

Hello, over the past day and a half this problem has gotten a lot worse. Windows automatic updates cannot be turned on, this has spread to norton automatic updates as well.

recently started to get frequent stop errors having to do with ntfs.sys or srtsp.sys files.

ive also been getting adult popups in internet explorer and the computer seems to be running slower than norm.

Help would be appreciated asap as i need this comp to study for exams :S

Thank You

My hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:11 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe

A:Solved: Norton/windows auto updates dont work, slow computer, adult site popups, sto

9 more replies

Hi! Im new to this forum and well basically new to viruses and malware overall. I use malwarebytes and norton 360 and i've previously never had any issues with my computer regarding malware. Recently what has begun to happen is that my searches on google and right click opens to new tabs are being redirected to other sites.I first started with my sites being rerouted to: bts.scour.com/html3? (something like that)Now the sites are being redirected to airsoft.com and some random "search authorization" pageI'm afraid that my computer will be hijacked over time and i'd like to fix these problem soon.I read about this on another forum on this site but i was unable to understand the process. It would be great to get help in a more simple way ( cause i'm new to this).Ive also followed the steps for preparation.Thanks anyone and everyone for helping out if you can!~Rohawa~ DDS Log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by ****** at 19:12:42 on 2012-08-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1266 [GMT -4:00].AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\sy... Read more

A:Auto Redirect

Hello rohawa , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.1.Do you have a USB Flash Drive you can use?2.Please download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

32 more replies

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nathan at 16:30:24.31 on Mon 01/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.2038.966 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

21 more replies

hey guys.Can some one please help me out ? ill be surfing the web , and at random times a new tab or window opens up with random sites. my FF crashes sometimes, freezes etc . here are the Hijack this logs . Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:37:18 PM, on 9/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Java\jre6\bin\jqs.exec:\PROGRA~1\mcafee\SITEAD~1\mcsac... Read more

A:site hijack redirect .

19 more replies

Hi, new PC with a problem. The browser redirects constantly, McAfee wont open or run scans and when I tried Malware bytes, it crashed it after 5 seconds. I tried running Gmer per the instructions, but it crashed it as well. Here's the DDs log...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Agustyn Pena at 20:46:33 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1227 [GMT -7:00]
.
AV: McAfee? Security-as-a-Service Anti-virus *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12

A:Site redirect problem

C:\WINDOWS\1714747044
Press Create button and post the content of the Result.txt.

Important: Restart the computer.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is... Read more

16 more replies

Heres my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:28 AM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Appa&Amma\My Documents\My Installers\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Exp... Read more

Hi eaglered_77, and Welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

When installing, under "Additional Options" uncheck..Install background guard

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

1 more replies

A:Financial site redirect

Does it happen in any browser?Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:

4 more replies

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back.

PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

More replies

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back.

PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo

PUP.Optional.PricePeep

More replies

ok, I am not sure if i am infected with anything or not. I rarely use ie, but I must use ie(x86) to connect to vmWare console.(x64 doesn't support the plugins)

I use xp pro 64bit. i tried the dds listed in the "read first" topic, but it will not work on x64 system.

My problem is that ie x86 will NOT connect to a secure site. i get this res://C:\WINDOWS\SysWow64\shdoclc.dll/dnserror.htm#https:xxxxx whenever i try. I do not get the same error on ie(x64) but again, the plugins aren't supported there. I did d/l search & destroy, and it found 8 different threats, but subsequent scans have returned 0. Again, I am not sure if this is virus/malware related, as I don't seem to be having any other problems other than the secure site. I am posting my HJT log, thank you for any thoughts/help!

bj

A:secure site redirect

2 more replies

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back.

PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

More replies

hi eveyrone!

our site keeps on redirecting to
Code:
http://gogamego.thewhizproducts.com/?chid=121&oid=626&crid=5249&subid=210790403372&pubid=473791

thanks

More replies

hi there,
when i log into hotmail it doesnt go to my hotmail page, it just says done at the bottom and is just a black brwoser window. I can get to my hotmail by going view then sources and pasting the url into the address bar. this is also a problem on other web sites including ebay. Can anyone help me?

thanks

dannyb99

More replies

A:Financial site redirect

75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.d... Read more

7 more replies

My computer has been infected with virus and whatever they are. I have tried scanning with the following and removed the threats but they kept coming back each time I used the chrome browser. The infections are:

PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt PrxySvrRST
PUP.Optional.ReMarkIt PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program... Read more

More replies

Please help me confirm that my PC is completely clean. I think I have removed the virus.

The problem WAS when I clicked on a Google search result I was redirected to a related advert.
Sometimes the sites I was being redirected to looked genuine enough, sometimes they looked like a web page full of adverts.

I am very sure that at least 2 of the sites I was being redirected to were genuine (Symantec and a site for solar panels). For instance I searched Google for 'google redirect malware' and clicked on a result that should have taken me to an article on a Google forum and instead I am taken to a Symantec web site that was advertising Norton products.

I have Norton 360 - it found nothing, 'ESET Online Virus Scan' found 'a variant of Win32/Kryptik.NCK trojan'. The file ESET found was called UTEDoray.dll which was located at C:\WINDOWS.

Thanks.

A:Redirect To Related Site

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.Any objects found, will show in the Scan results - Select action for found objects and offer three options.If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.Malwarebytes' may "make... Read more

11 more replies

I've been trying to help a friend "fix" a PC (Macys.com redirects to various "porn-type" links) - and cannot seem to eliminate the source of this problem. I have run the standards (SpyBot/AVG/Ad-Aware/Trend/Bit Defender/Trend Housecall) and while each has located and repaired/quarantined/removed - the problem is still there. Here is HiJackthis Log and StartupList report for review.Logfile of HijackThis v1.99.1Scan saved at 9:22:45 PM, on 11/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exeC:\Program Files\Sony\VAIO Media Music Server\SSSvr.exeC:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exeC:\Program Files\Common Files\S... Read more

A:Ie Browser - Web Site Redirect

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available.A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and that you don't miss out any steps.If you have any queries about the process or just general questions, just ask.I think we should run AVG antispyware in safe mode and see what we find.There is a higher deletion sucess rate in safe mode.Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.Now reboot into Safe Mode.This can be done tapping the F8 key as soon as you start your computer You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.Open AVG again and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.Click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended acti... Read more

17 more replies

Hello all,
If you need more information, please let me know. This is my first time posting to the forum. My google/yahoo/bing search links are redirected to an ad site on both Firefox and IE. I've tried running AVG and Webroot, but neither can find anything wrong. Below is the HijackThis log. I appreciate any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:36 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe

More replies

I hope i am folling rules right way. i have small repair shop and it seems to have got hjacked. when i hit ie type in addresws it goes but if i click on a link say in google after doing a seaerch it goes where it like and sae for FF. i have norton 360 running also now have triel of avg and i have tried this kaspersky 911 removal tool and it works the first time i click a search link then after that it hjacks it agin. i have ran scans all day othing works. i have my log so it qwill be posted below. its just a bestbuy compaq nothing fancey but i need it bad. any help would be thankfull very much so....

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 32 bit
Processor: AMD Athlon(tm) 7550 Dual-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 2
RAM: 2942 Mb
Graphics Card: LogMeIn Mirror Driver, 3 Mb
Hard Drives: C: Total - 293688 MB, Free - 236605 MB; D: Total - 11554 MB, Free - 1629 MB;
Motherboard: PEGATRON CORPORATION, NARRA5, 5.00, MB-1234567890
Antivirus: AVG Anti-Virus Free, Updated and Enabled

hj log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:38 AM, on 4/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusche... Read more

More replies

Hello,

I have no idea if this is a good forum to post this question, but I've run out of google search terms to try!

We want to supply a Kiosk at my work that runs IE in full screen mode (homepage is our site). We want IE 8 to auto redirect back to the homepage after a period of inactivity (say 5-10 minutes).

Is this possible, or is there a third party program which can accomplish this? We used to use Refresh2Page for firefox (but now want to switch to IE).

More replies

THE VERSION OF MY INTERNET EXPLORER IS 6.

my question is, how can i auto redirect a website to Google.com whenever the browser tries to load it.

the site i want to redirect :- http://www.alliancekolkata.co.in
i want it to be redirected to : http://www.google.co.in

looking for some positive and brief replies..

thanks for all help and suggestions in advance..

thanks and regards
Shouvik

A:How to auto redirect a website

Quote:

Originally Posted by shouvik25

THE VERSION OF MY INTERNET EXPLORER IS 6.

my question is, how can i auto redirect a website to Google.com whenever the browser tries to load it.

the site i want to redirect :- http://www.alliancekolkata.co.in
i want it to be redirected to : http://www.google.co.in

looking for some positive and brief replies..

thanks for all help and suggestions in advance..

thanks and regards
Shouvik

Welcome to TSF,

The first item you should correct it to update your browser to IE 7.0 or even IE 8.0. The browser you are running now is not supported and you are vulnerable in the extreme using it. If you do not want to update IE, try CometBird. I use it and have nothing but praise for it.

As far as your question is concerned, could you give us further information, I do not understand the question at all, why would you want to redirect any website to google?

We always try to be brief and positive, but need to understand the question first...we are all volunteers too, and are here to help where we can.

kind regards,

9 more replies

I am not familiar with website development, Java coding et al so please excuse any ignorance

How do you create an 'auto redirect script' if you want to move your site from one isp to another ? or, better still, are there any examples or free scripts available ?

thanks

ian.t

A:auto redirect scripts

place this code in the < head > of your site to redirect
PHP:

<meta http-equiv="refresh" content="1;URL=http://www.yournewisp.com/yourname">

3 more replies

I have this weird adware I can't get rid of. First, it takes about 30 minutes before the google redirects starts, then the random new tab popup in firefox.I have tried, Malwarebyte, AVG, Superantispyware and SDFix but no luck.Here's my Malwarebyte log from yesterdayMalwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4173Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.1306/06/2010 8:45:32 PMmbam-log-2010-06-06 (20-45-32).txtScan type: Full scan (C:\|)Objects scanned: 354177Time elapsed: 1 hour(s), 43 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)HIJACKTHIS LOGLogfile of Trend Micro HijackThis v2.0.4Scan saved at 7:13:08 PM, on 07/06/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsas... Read more

12 more replies

Hi all,

Just then i tried to log into ebay and was met with a window which stated

"If you are seeing this page, your browser settings prevent you from automatically redirecting to a new URL"

I have looked and looke but i cant find the reason for this - i havent changed anything from yesterday and this crap starts. AGGHH.

Also cant get into hotmail and so on and so forth - well any site that requires a redirect for that matter..

Any wise words for me?

Cheers

Sam Hannan

A:How can i set my browser to allow auto redirect?

6 more replies

My dads laptop is on its death bed. 2 days ago dad noticed that it started having problems with website redirect in every browser, and a win32 error. I have tried anything i can think of, so now it is only hijackthis left. So...if you need the other logs as stated in the stickied thread on how to post, let me know however i doubt it would help.

w00t tsf?

===========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:05 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe

A:Site redirect/win32 error

Here is the rest of the stuff

DDS (Ver_09-03-16.01) - NTFSx86
Run by Dude at 21:17:54.14 on Mon 03/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.514 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.goog... Read more

1 more replies

Once in awhile, when I click a link, my browser redirects me to a site called findGala.com. What is that site, and how do I stop the redirects?

A:What is findGala and why does my browser redirect to that site?

14 more replies

I'd like to be able to view the mobile counterpart of certain websites instead of the regular webpage while browsing with Firefox on a regular computer. Is there any way to do this?

For instance, let's say I want facebook.com to redirect to m.facebook.com when I click a link or go to the website (or how ever I happen to get to that domain). But at the same time, I don't want BBC to forward to its mobile site. I'm aware of user agent switching, but I'm not sure how that could be implemented to only forward certain sites, and isn't actually all that helpful for sites that don't force the redirect.

I most often use XP and Firefox for times when I would need this to work, but a cross-platform solution (OSX & Ubuntu, Opera & Chrome) would be nice too.

I've googled this a bit, but any potential info was buried by redirect how-to's for webmasters.

Any suggestions appreciated!

More replies

I started having trouble after clicking an adobe update on a fake video that had comments supposedly from friends including their contact info.
since then i am being redirected when i click on google search results , facebook has claimed to be down for days and after downloading and running malwarebytes im receiving site blocked pop up notifications. the first scan found and removed many malicious files and the last only one. i disconnected the modem and ran the scan to remove 1 bad file and ran again to find none but as soon as i plugged in the modem site block baloon pops up and im still being redirected.... PLEASE HELP

A:redirect problems and site blocks

You are still infected. We cannot help you with malware removal here because of Forum Rules. Please click on the Virus/Trojan Help link in my signature and post there for more help.

1 more replies

Hello: Occassionally, I get redirected to this site: http://scanner.av2-site.info/scan.php?camp...93&landid=6 and a fake scanner page begins to run. I was using Avira but it did not stop it so I switched to AVG and it will stop it. I have scanned the pc with Malwarebytes, SuperAntiSpyware and several online scanners. Nothing is ever found. Those same programs will not get updates yet I am usually able to surf the internet okay.AVG reported the problem as Exploit Rogue Scanner (type 1031).Edit to add that Malwarebytes will no longer run nor can I uninstall it. I get automation errors. I can not go to any site that contains malwarebytes either.Below is the HijackThis log. Thanks for any help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:17:22 AM, on 3/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18372)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Pro... Read more

A:redirect to scanner.av2-site.info

2 more replies

A:automatic redirect to other site (Virus?)

2 more replies

Everytime I try to click on a link it will redirect me to random websites. I have also tried to run a system restore and my computer will not progress. Here is my registry ran from Hijack this. Can someone help me determine what I need to delete to get rid of this? I also ran CounterSpy and that didn't fix the problem.
Thanks.
Timothy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:53 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1153747052\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

Best thing to do is follow the steps outlined here and be patient - the security analysts are always kept busy - so many malwares, trojans and viruses (virii?) out there these days.

2 more replies

I started having trouble after clicking an adobe update on a fake video that had comments supposedly from friends including their contact info.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by PWtattoos at 5:20:42 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1977 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe

A:redirect problems and site blocks

3 more replies

This is my first post here, hope it is in the right place.

Yesterday morning I started to have a problem with Google and all search engines. When I go to search for anything the results come up but when I click on a result I directed to one of several ad sites, or what appear to be search engines I never heard of.

I am using Windows XP Pro and this happens in both IE and Firefox

On any search engine I can type in a term get a valid lists of links but when I try one of those I directed to a site unrelated such as Orbitz, Yellow Pages or unknown search enginge.

I cannot access any sites that may help me solve the problem, such as this site or sites to downlaod anti-malware programs get the message that page exiss but it is unable to connect. Other sites seem to work fine.

I am unable to do a system restore to a past date. I get thru everything but when I hit the final step it just sits there. I tried this in both regular and safe modes. Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:36 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

1 more replies

Hi, I found you guys after a search turned up this forum post from 2003. Basically, I have a website I update periodically with ipage.com but recently when I go to that site I am redirected to qksrv.net/media/offers, just like in the 2003 post. In that post he mentions finding qksrv.net in his HOST file, however I don't have that - in fact I don't seem to have anything in that file (it's pasted below).

Things I've done:
1 Spybot - nothing found
2 Malwarebytes - nothing found
3 Hard drive search for qksrv - nothing found
4 Tried a different browser - so far both Firefox and Chrome give the same error
5 Run hijackthis (log below)
6 Checked HOST file for qksrv (host file pasted below)

I appreciate any ideas you have for getting rid of whatever this is. Thanks!

The tsgsysinfo gives me this, although I am running AVG anti-virus :
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G, AMD64 Family 21 Model 48 Stepping 1
Processor Count: 4
RAM: 7091 Mb
Graphics Card: AMD Radeon(TM) R7 Graphics, 1024 Mb
Hard Drives: C: Total - 1880839 MB, Free - 1342865 MB; D: Total - 119108 MB, Free - 74959 MB;
Motherboard: LENOVO, Bantry CRB
Antivirus: Windows Defender, Disabled

HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:34:42 PM, on 2/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

More replies

I don't know how I got the malware or spyware.

I would use Mozilla or IE6 and both would send me to another link from Google or yahoo, like mountaincoupon.com. Also I found out it bans me from getting the www.bleepingcomputer.com, free-av.com and other malware sites. Also I can't do a system restore.

DDS (Ver_09-02-01.01) - NTFSx86
Run by AJ at 17:06:26.34 on Fri 02/13/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.463 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

A:Google redirect and it has banned this site

hi,

Your log is several days old. If you still need help, simply reply to my post.

15 more replies

I apologize if I'm duplicating my previous post, but I can't seem to find it after being informed it was moved to this forum a couple days ago. I haven't received anything since and I can't find the post with a search.

My home page is yahoo. When I do a search, I get results as usual, but when I click on one, another random site appears in the address bar and I end up on google. I haven't really tried to do anything from google, so I'm not sure what would happen if I do, although I've gotten a clue from what others have posted.

I've tried doing a system restore, but for every date I pick, it says it was unable to restore and no changes were made. This computer has been out of my control for an extended period of time, and I know it has has a virus problem about a month ago (some fake virus protection), so right now, I'm kind of afraid to touch anything without guidance.

I ran Norton Virus Scan and it came back with 1 virus threat called Trojan.Adclicker, which except for the redirect to google, seems to mimic the problem. Norton gives instructions for a manual removal, but would like confirmation before proceeding.

One more problem...it's been a while since I've messed around with my computer, but in XP Home, in START, RUN, isn't "configsys" a valid request? When I type it in, it says the file cannot be found? Is this another problem?

Should I start looking for my reinstall disks?

Using Windows XP Home SP3.

A:IE redirect to random site to Google?

Hello, this should work for you.

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
Then search for ?TDSSserv.sys?
Right click on it, and select ?Disable?
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON?T select Uninstall.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user?s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won?t update

Update you Malwarebytes and run full scan. ComboFix is another great utility that will remove it. I would instruct you on how to use it but I am not allowed to. Hopefully a Moderator will chime in and do the instructing on Combofix.

6 more replies

I am new to this forum.

I have contacted Mcafee and they claim (after going through my system) that my computer is virus-free.

I have a Dell Dimension 2400 Desktop computer and I am using the following:

MicroSoft XP Home Edition with Service Pack 3 version 5.1.2600
Pentium 4 2.53 GHz
Internet Explorer 8 version 8.0.6001.18702
Comcast high-speed Internet
Mcafee Virus Protection - scanned - no viruses detected
Malwarebytes - scanned - no malware detected

When I do a GOOGLE or MSN search and click on the results - I am re-directed to another site that is usually selling something. However, if I copy the url and paste into the address box it seems to work OK.

A:Browser Results Redirect to another site

Welcome to BCWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.

10 more replies

Help I have been working on this for three days!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:51:59, on 8/20/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Babylon\Babylon-Pro\Babylon.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Windows\System32\mobsync.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrot... Read more

A:Firefox And Ie Redirect To Wrong Site

2 more replies

I occasionally get redirects to some site advertising something about xvid when using chrome. It doesn't happen on firefox (which I have noscript enabled on if that makes a difference).

I read that others have posted similar problems and I was wondering if I could get some help here.

A:Redirect to xvid site - updatesearch.org

10 more replies

Host is a WinXP SP3 laptop. User was searching Bing when he was redirected to a site with the domain name czec.cc. The site initiated some sort of bogus file scan claiming to have detected numerous trojans followed by an enticemnt to initiate some removal process.

I followed the steps for removal of the XP Total Security malware but was unable to update Malwarebytes (error 12007, 0) following installation. Despite the definitions being out of date, I ran the scan which turned up nothing.
DDR.txt follows. Attach.txt and Ark.txt attached. DeFogger used as instructed.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jcheff at 12:05:19.09 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe

A:Bing Redirect to Rogue Site

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies

Hello...  I have a problem.

Using Windows 7.

Within browser (Chrome), I can do a search, and then when I click one of the links, I am redirected to a different site... Siteadvisor jumps and asks if this is what I want to do.  Multiple windows would open.

What I did:

-  Uninstalled Chrome
-  Ran full scan with McAfee... nothing.
-  Run full scan with Malewarebytes... nothing.
-  Run scan with DoctorWeb... found three items... had them neutralized

After doing this, IE worked fine... search / link / no issue

Right now, I have removed Chrome again and running DoctorWeb again.

Other possibilities?

Thanks!

A:Browser Link - Redirect to Different Site

Uninstall Chrome completely.

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

19 more replies

Hello, I am new here and need help on my google search.
When I do a search on google(actually yahoo as well) using IE, the outcome results always link to some ad-links beginning with extratyper.com.............. and then to links beginning with www2.searchredirect........ I have no problem to search on google and yahoo using Firefox. I would like to have your help on this issue, thanks very much.

I have the factory boot CD.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Evil Cat at 23:19:09.21 on 09/12/2009 星期三
Internet Explorer: 8.0.6001.18702
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup

1 more replies

DDS File is below and ARK and ATTACH files are attached.

Thank you for your time spent helping me with this.

Since then, all sorts of annoying stuff keeps happening.

First off, I kept getting some XP Antivirus Pro popup that would come up and prevent me from going to any other website.
It would pop up and say that the site I was visiting was potentially dangerous and that I better register the Antivirus software.

I ran Spybot and removed the problem. Then it happened a few days later, so I deleted it again with Spybod S&D. It hasn't come back in about 5 days.

My problem now is that when I use yahoo to search for something, it seems to only list those "directory websites" in the search results. By directory sites I mean sites like, lowpriceshopper.com, shoppingtiger.com, similarfind.com, and couponmountain.com.

No legitimate websites are listed at all.
When I go to page 2 of the results, I am automatically directed to a site called nonstopwebspeedway.net. This site automatically directs me to shoppingtiger.com/Links edited to protect users

After running SPYBOT, CCLEANER, and ADAWARE, the problem changed a bit.
Now, when I search on Yahoo, I get legitimate search results.
However, when I click on one of the result links, I get direct to a site called lovetheaweblife.com and then I am directed immediately to shoppingtiger.com.

DDS (Ver_09-05-14.01) - NTFSx86

A:Auto-Redirect from Yahoo to Shoppingtiger.com

Hello and welcome to TSF.

Please note that the fix will require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum.

===========================

What version of Adaware is installed on your machine, Free, Plus or Pro? The reason I am asking is because the Free Edition does not have the antivirus component. If you're using the Free edition, you are wide open to infections without the protection of an antivirus.

===========================

Please disable Adwatch so that it will not interfere with the fixes.

To disable Ad-Watch's Automatic Function:Right-click on the Ad-Watch icon in the system tray