Tech Problem Aggregator

Auto redirect to unknown site when visiting Friendster

Q: Auto redirect to unknown site when visiting Friendster

I have a problem when visiting Friendster webpage with my Microsoft Internet Explorer 6.0.

Whenever i type in the url of Friendster the webpage will automatically redirect to an unknown website.


It's getting on my nerves as i can't go to Friendster. However, there's no problem if i'm using the web browser of RealPlayer.

A: Auto redirect to unknown site when visiting Friendster

Hello and welcome to Techspot.

I have just checked out the site you refer to with both Firefox and IE with no problems.

I would suggest therefore that your IE may have been hijacked.

Go Here and follow the instructions.

Regards Howard :wave: :wave:

1 more replies
Answer Match 65.52%

Hello.

I've not had this happen to me before. On visiting "RosariansCorner" I receive the attached message.

I can get to the site through the cached sites in Google but can't navigate the actual site.

Have you come across this before. Other sites are fine. I'm using Firefox and Windows XP.

Thank you.

Penny.
 

More replies
Answer Match 65.52%

I made a search for the above problem with google and lead me here. I downlowded Combo fix and I finally got this log:ComboFix 10-04-21.01 - vasilis 26/04/2010 11:39:37.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2047.1558 [GMT 3:00]Running from: c:\documents and settings\vasilis\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\0fkk02x.exeC:\9jyhdim8.exeC:\autorun.infC:\chxnxyx.exec:\docume~1\vasilis\LOCALS~1\Temp\cvasds0.dllc:\docume~1\vasilis\LOCALS~1\Temp\cvasds1.dllc:\docume~1\vasilis\LOCALS~1\Temp\herss.exec:\documents and settings\vasilis\Recent\.pifC:\dqm.exeC:\utcddeq.exec:\windows\system32\SHELLLNK.TLBC:\wyskq6lt.exe.((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 ))))))))))))))))))))))))))))))).2010-04-26 06:08 . 2010-04-26 06:08 128512 --sh--r- C:\hc3hvi0.exe2010-04-24 05:58 . 2010-04-24 05:58 128000 --sh--r- C:\twhvna.exe2010-04-22 06:03 . 2010-04-23 06:32 128512 --sh--r- C:\vgyn6ewc.exe2010-04-19 06:27 . 2010-04-21 06:26 127488 --sh--r- C:\r3fhr.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-26 07:55 . 2009-02-09 14:05 10 ----a-w- c:\windows\popcinfo.dat2010-04... Read more

A:Problem visiting mcafee site

When I try to visit mcafee side or other antivirus sides as well as microsoft pages I get the following answer:The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems..." Dont know how to repair my pc. Please help me.Here follows The DDS text DDS (Ver_10-03-17.01) - NTFSx86 Run by vasilis at 10:48:40.59 on 30/04/2010Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2047.1676 [GMT 3:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\A4Tech\Mouse\Amoumain.exeC:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exeC:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exeC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exeC:\Program Files\Gendex\VixCfg\gxstart.exesvchost.exeC:\Program Files\IVT Corporation\BlueSoleil\... Read more

10 more replies
Answer Match 64.68%

Hey all Iam tryinng to fix my parents computer. They keep getting "warning visiting this site may harm your computer" when in I.E. I understand this is Malware but shouldnt of Norton 360 have caught this?Anywayz here's the HiJack this LOG, Iam also trying to learn so If someone can explain what iam looking for in this log?Here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:03:07 AM, on 7/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\RealVNC\VNC4\WinVNC4.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Expl... Read more

A:warning visiting this site may harm your computer

Here is the DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 10:49:09.23 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.996 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vVX... Read more

3 more replies
Answer Match 64.68%

Hello,

I am running a P4 Q6600 with Windows XP SP2. I use Firefox, just updated to 12, and have AVG 2012 loaded
(unfortunately, it lists my current AVG Safe Search as incompatible with Firefox 12).
I went to a legitimate business website, and apparently the website has been recently hijacked because
instead of the expected content (that was in the Google cache), an illegitimate-appearing virus warning
appeared in the browser window. I closed the window, but found thereafter that when visiting google.com with Firefox,
Firefox always said it was "Connecting to 213.174.137.82...". This is my main symptom. I didn't observe
this on other intact computers, but I found others on BleepingComputer that had infections associated
with this address (such as http://www.bleepingcomputer.com/forums/topic445802.html, but with slightly different
symptoms -- Google seems to work okay for many searches in my case). I don't perceive significant slowing,
but strangely after running DDS and GMER for a while, my mouse stopped working (I plugged in another one
and it worked for a short while but also stopped) and I started getting delayed write errors. Upon rebooting, the computer
seems to work okay but it still displays the "Connecting to 213.174.137.82..." message with Firefox browsing google.com.

I visited the business website that seemed to initiate the problems again but on a Linux computer, and
I found the URL redirected to a suspicious-appearing .ru address, wher... Read more

A:"Connecting to 213.174.137.82..." appears after visiting hacked site

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

14 more replies
Answer Match 64.68%

after i restarted my computer everything looked to be fine until i went on to craigslist and all of the sudden this malwareweblink.com (http://malwareweblist.com/block.php?id=2036-2&url=http://vancouver.en.craigslist.org/forums/?act=Q&ID=144014843)

took over the screen and says my computer is at risk and it gives me two options

continue unprotected or get security software

i am running avg for firwall spyware and antivirus. this doesnt only happen with only craigslist it happens with almost every website i go to. not every time either but 50% of the time.

if i click continue unprotected it goes back to the website i was previously at but then pops up again. so i tried to click get security software and it takes me to a website to purchase antivir antivirus (http://malwareweblist.com/1/?id=2036-2)

so i belive this is a virus or somthing so if anyone can help me with this problem would be great thank you

please see the attachments as well

A:Warning! Visiting this site may harm your computer!

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Answer Match 64.68%

Hi,

I need your help. My website "http://www.how-to-manifest-your-desires.com/" is listed by Google as a dangerous site that may harm your computer. The problem is that I don't know how to fix the problem. I have looked through the code to see any suspicious code but cannot see anything suspicious.

I'd appreciate if someone perhaps has experience with this sort of thing. See warning message below!

Thanks,
Jimmy

---------------------------

Warning - visiting this web site may harm your computer!
Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://www.how-to-manifest-your-desires.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Advisory provided by GOOGLE
 

More replies
Answer Match 63.84%

This problem has been very persistent and whatever I do I can't seem to get rid of it! I've included screen shots below. The jist of this is whenever I go to a website (doens't really matter which one) i get those errors! I am running Windows XP Service Pack 2. If you would like more information just ask.http://i16.photobucket.com/albums/b40/boog...galz92/wth2.jpghttp://i16.photobucket.com/albums/b40/boogaboogalz92/wth.jpgI'm guessing it's the same problem as this guy had... http://www.bleepingcomputer.com/forums/t/167891/what-if-i-dont-want-to-buy-their-anti-spyware/Stating that, I've already done what the guy said in post number 2 (with the Malwarebytes' Anti-Malware program) Here's my log:Malwarebytes' Anti-Malware 1.28Database version: 1166Windows 5.1.2600 Service Pack 22008-09-17 20:14:11mbam-log-2008-09-17 (20-14-11).txtScan type: Quick ScanObjects scanned: 47395Time elapsed: 3 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 1Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{7221E2B7-FFBF-337E-7121-006F0D253BCC} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.HKE... Read more

A:Warning! Your Pc Possible Infected Due To Visiting Exploited (hacked) Site...

Hi, you know it's bogus when you see the grammar they used in link two.Warning! You infected by this siteOk good did you do the needed reboot? If not do that. Then check for an update to MBam,rescan and post another log.

12 more replies
Answer Match 63.84%

My friend's computer got infected with some worm after visiting some porn site and as a result internet explorer would ot start. Everytime we tried to start iexplorer, it would say "C:\WINDOWS\mslk.exe
the NTVDM CPU has encountered an illegal instruction
CS:Odc9IP:011aOP;65 63 75 72 69 Choose 'Close' to terminate the application"
and a variations of other names like "C:\Windows\sdklg.exe or ~mfcrd.exe and poj32.exe...keeps
changing everytime wetry it. Well this is the hijackthis log and it would be nice if someone could help. Thanks!!!

"Logfile of HijackThis v1.97.7
Scan saved at 2:14:03 AM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Medi... Read more

A:internet explorer not starting after visiting porn site

Download and install APM from here: http://www.diamondcs.com.au/index.php?page=apm

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tcjwo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tcjwo.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\TRIHO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5C397BB2-36D2-F787-9AA2-DB56173763F4} - C:\WINDOWS\msbb.dll
O2 - BHO: (no name) - {38F40F5F-D7CE-40CE-88E6-C0F5381FA3B6} - C:\WINDOWS\System32\nakob.dll
O4 - HKLM\..\Run: [appwh32.exe] C:\WINDOWS\appwh32.exe
O4 - HKLM\..\RunOnce: [ieuu.exe] C:\WINDOWS\system32\ieuu.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\S... Read more

3 more replies
Answer Match 63.42%

Any time I try to access the internet I get " Internet Explorer Warning - visiting this web page may harm your computer".
I can't access the internet from that computer.

If I try to run any programs I get "Security Warning - Application cannot be executed. The file is infected. Do you want to activate your antivirus now?"

Can you guys help?

Thanks
Tim

A:Internet Explorer Warning - visiting web site may harm your computer

Never mind fellas... I fixed it myself!

Thanks anyways!!

1 more replies
Answer Match 63.42%

I downloaded a re-direct anti-virus program.
I was able to kill it with RKill, but there are still some lingering issues going on.
When I try to connect to the internet via Google.com I get this message "Internet Explorer Warning - visiting this web site may harm your computer!"
I have run Malwarebytes and Microsoft Security Essentials.
They have removed numerous Trojans etc, but I still get the Internet Explorer Warning - visiting this web site may harm your computer!
When I tried running HIJackThis, I get a message "For some reason system denied write access to the Hosts file...."

Any clue how bad it really is?

Thanks,

Gilly68

A:Internet Explorer Warning - visiting this web site may harm your computer!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

2 more replies
Answer Match 63.42%

Was on a website called coolwallpaper.com or something like that and as soon as I got on it spyware doctor went off blocking threats, then a window popped up which appeared to be scanning my pc for viruses which was a program I dont have on my pc. I ran malwarebyes and tried to remove some of the stuff wanted to make sure I got every thing.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:52:21 PM, on 1/25/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\Program Files\Java\jre1.6.0_06\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM6\aim6.exeC:�... Read more

A:PC under attack after visiting a wallpaper site, Hijack report included

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Answer Match 63.42%

I have an infected laptop running XP Pro SP3. It had Spyware Protect 2009 on it but I was able to stop the sysguard.exe process and delete sysguard.exe from the Windows subdirectory and from the HKEY_CURRENT_USER\....\Run registry hive. There is still at least one other major problem. IE 7 is redirected to display "internet explorer warning visiting this web site may harm your computer" most of the time. I can get to google sometimes and even search something but when I try to follow a link - I get the redirection message. It also prevents me from running a system restore and most of the scanning software such as malwarebytes, SDfix and several others. I was able to run HijackThis but when I tried to post the report, it redirected me again so I saved the log file to a thumbdrive and logged onto an uninfected computer to post this.

I'm attaching the log file.
 hijackthis.log   10.75KB
  9 downloads

I've heard great things about this forum. Thanks for your help in advance.

A:internet explorer warning visiting this web site may harm your computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 57.12%

Whenever I click on a link, even if it is a link presented by Google as a result of a search, I am often taken to various different web sites I never heard of before. My husband is very computer literate but does not feel comfortable fixing this without your advice.

When I tried updating my PC-cillin information I got an error saying, "Update unsuccessful. Check your Internet connection, and then try again. Consult the Online Help for additional instructions. (-1)"

We think this could be a result of being highjacked. We do have internet connectivity. For example this message is being sent from the computer that is having the problem.

Thanks in advance for your help!

Here's my DDS log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Lorri qwert at 19:38:37.81 on Thu 04/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.151 [GMT -7:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)
FW: PC-cillin Internet Security - Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PR... Read more

A:Clicking a link for a web site takes me to unknown site instead

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

14 more replies
Answer Match 56.7%

Hello all.

Everytime I go to a websitr I get an antivirus popup, or a popup that has something to do with the site I visited.

For example if it was a Sports site, I may get a popup for NFL clothing.

Please help.

Here is my LogFile, Thanks.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:56 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\NMSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost... Read more

A:Antivirus Popups, popups that are similar to the site I am visiting

bump, anyone?

2 more replies
Answer Match 53.76%

Anyone else getting that old Google bar when visiting a Google site with Edge?

A:Anyone else getting that old Google bar when visiting a Google site ..

Yup..shows up here.

20 more replies
Answer Match 51.66%

Hi
Recently, when I click a link brought up from a Google search it opens a new window and the first time I click the link it takes me to a different site than the link should. This happens in Safari 4.0.5 and IE8.
Also, my wife purchased a train ticket online and 1 hour later we had a phone call from the bank suggesting fraudulent use of the card detailed she had entered. I do not know if this is related but am very concerned. I was running AVG but uninstalled as it was showing no errors and Combofix didn't want it running when it was scanning.

I have found a few similar posts and therefore have down loaded and run:

Combofix.exe - ran this first and theno I rebooted
Hijackthis - ran this, have not rebooted since

The problem appears to be resolved as the links open in the same window correctly now but here are the logs from my scans, can you please confirm if I have removed all the malicious software?

Combofix log:
ComboFix 10-05-08.03 - Mat 09/05/2010 13:05:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1180 [GMT 1:00]
Running from: c:\users\Mat\AppData\Local\Temp\af9jj5r9.tmp\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe3201.dll
c:\windows\system32\spool\prtprocs\w32x86\0000421c.tmp
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((... Read more

A:links redirect open new window and redirect to advertising site

Hi
Have I supplied incorrect information on this thread or are there no issues remaining with the PC?

Any assistance anyone can provide would be much appreciated?
Thanks
 

1 more replies
Answer Match 51.24%

Hello,

I downloaded Internet Explorer 8 and it works perfectly fine. The only problem is it won't let me access www.friendster.com.
Your immediate feedback will be highly appreciated.

Thank you,

J

More replies
Answer Match 50.82%

When i pasted a layout code on my page,it does not work.Instead it shows the entire code on my page!When i deleted the code,my profile does not change!It still shows the code!What can i do?

More replies
Answer Match 50.82%

lately i found it too difficult to open the friendster's homepage : www.friendster.com. an httpp 400 bad request appears each tym i try. I dont know exactly what causes this error. I have no problem accessing other websites. i am using windows vista. below is the http 400 bad report:

The webpage cannot be found
HTTP 400
Most likely causes:
?There might be a typing error in the address.
?If you clicked on a link, it may be out of date.

What you can try:
Retype the address.


Go back to the previous page.

Go to and look for the information you want.

More information

This error (HTTP 400 Bad Request) means that Internet Explorer was able to connect to the web server, but the webpage could not be found because of a problem with the address.

For more information about HTTP errors, see Help.

Please help me pleasss....tnx alot!!

More replies
Answer Match 50.82%

i can't connect to facebook & friendster website.. but google and other website is good. any idea?? i search for this problem and try to delete some cookies. and firewall setting.. i have this problem before. and solve it. this is what i do.
1. in firewall.. my firewall is off.
2. i turn on the firewall and wollaaa its working..

now i have a problem again opening friendster & facebook.
and i try to do the same way. but now it's not working so any one please help me..
this the page view.

Network Error (tcp_error)

A communication error occurred: "Connection refused"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your network support team.

More replies
Answer Match 49.98%

Hi! Attached here with is the ActiveScan from Panda Security.

I hope you could help me with my problem. My friendster page is not loading its images.

A:Friendster Page not loading images

Hello, KLyTH
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to create an OTViewIt ReportPlease download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them i... Read more

2 more replies
Answer Match 49.98%

A couple of weeks ago I woke my computer up from stand by to find three programs running that were not running when I left. Whitesmoke translator was downloaded and installed into my computer without my consent. I ran a full virus scan using Trend Micro and deleted any viruses that were found. I then purchased Malwarebytes and ran a full scan and again deleted any viruses found. I enabled Malwarebytes' website protection and since then I have been getting notices of ips that were successfully blocked (62.122.75.136, 62.122.75.138 are a few that were just blocked but there are others with not so similar ip addresses). I am also being receiving a wal mart pop up and being redirected to a website called cr0zybanner.com every 20 or so minutes. Could someone please help me remove whats causing these problems? I also do not have a backup copy of my windows xp disk. Thank you for your time.

DDS (Ver_10-11-27.01) - NTFSx86
Run by David DiGiovanni at 21:28:07.21 on Mon 11/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2211 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\W... Read more

A:Auto run program and web site redirecting

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special r... Read more

16 more replies
Answer Match 49.98%

How do you get IE8 to automatically translate a website, and display site, in your language?
Neither my XP or W7 machine, both use IE8, will show me a german site in english. I used to go to the site in IE7 and it would be in english, now nada.
I'm not interested in changing browsers so please, do say use firefox, etc.....
I use Google as homepage.

ty

A:Foreign Site Auto-Translation

I use Bing Translate, included in IE8.

Click Page menu, hover (don't click) over Translate with Bing. A small window opens, you can choose original language and to with language you want to translate. Usually I just click Translate this page and let Bing auto-detect the original language.

Kari

Image 1 (choosing translate feature):

Image 2 (Bing translate shows original and translated page side by side):

1 more replies
Answer Match 49.98%

Ive configured Security level for Internet Zone as High with these customs:
download signed ActiveX controls prompt;
run ActiveX controls and plugins enabled;
script ActiveX controls marked safe for scripting enabled;
file download enabled;

Quote:




miscellaneous {some are default}
access data sources across domains prompt;
allow webpages to use restricted protocols for active content prompt;
display mixed content prompt;
drag n drop / copy n paste files prompt;
submit non-ecrypted form data prompt;




active scripting enabled;

i entered this site and it automatically redirects to youtube dot com main site.

also my google MAIL can't open (left click) a link within the message body. It goes blank tab. the workaround is CTRL + Lclick. Or Rclick + open new tab.
Regards

A:Site redirects auto. to youtube

I just went to the link as well and it took me too Youtube.

For google mail have you tried to clear the temp files?

Please download Cleanup! and install it.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):Empty Recycle Bins
Delete Cookies
Delete Prefetch files (if present)
Cleanup! All Users
Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and Do Not reboot when prompted.

1 more replies
Answer Match 49.98%

Hey all

I was wondering if anyone knows of a way to auto-download all MP3s from this site http://yump3.eu/Download/

It looks like it is PHP.

I was able to do this with a different website which had direct links to MP3s and you save target as with a firefox addon. Is there a way to do the same auto-download process with the site I linked?
 

More replies
Answer Match 49.56%

Hello! Good Day...

I have a problem with my PC. I was trying to login to my Yahoo Messenger using my account. but i was not able to login successfully. if you are familiar with Yahoo Messenger, the window that appears when you entered a wrong password came out. but i tried many times to enter the password. My sister also tried entering hers' its the same result. We tried logging in Friendster and Hotmail, its the same result. we cannot login to this kind of sites. we haven't tried other sites with the same function like friendster.

i dont know if this started because of my security software did not function properly. I bought this security software months ago. at first it was okay. then when it did not function properly, i cannot login to the said sites. I tried contacting the support unit of this software and there solutions were not getting the problem solved.

I tried searching for online help. i stumbled with one of your solutions to a problem of a guy regarding logging in. one member said to go to a site (www.kaspersky.com/virusscanners) to perform an online scan. i visited that site. But i was unable to get an online scan going because it says that the online scanner is expired. the installation of the online scanner was successful but when the virus definition initializes. it failed.

how can i solved my problems? is it my security software causing the problems? am i infected with a virus already?

Thank you in advance for taking time to read my very long s... Read more

A:Cannot Login to Yahoo Messenger, Friendster and Hotmail

Bump
 

1 more replies
Answer Match 49.56%

To whom it may concern

Currently my Internet Explorer always pop up www.g2g2.net web site after 2 minutes each time when I launch my IE8. How can I remove this pop up web site (it shows Arabic word in the web page)?

I did use Windows Essential Security but it did not detect any virus / malware.

Thanks

A:Internet Explorer auto pop up www.g2g2.net web site

Whats set in your home page under options

3 more replies
Answer Match 49.14%

Avoid Friendster and its clones, warns security expert
By Andrew Orlowski in San Francisco
Posted: 10/02/2004 at 03:08 GMT

Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good-measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - make a mockery of existing data protection legislation.

"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University.

Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either.

The Register
 

More replies
Answer Match 48.72%

(NOTE:  Links open in a new tab.)
In the TechNet article
here I see reference to a schema v.2 for the EMIE tool. It will apparently spit out the xml using the new version 2 of the schema. But the download link only goes to downloads for Win7/8 (schema v.1), and I cannot find any reference to where I can obtain
the Windows 10 version.
For example,
this article specifically references a Windows 10 version, where
this one references Windows 7 and 8.  Finding the Windows 10 version has proven impossible so far.
We have several sites which need to be opened in IE instead of Edge, and using our old Enterprise Mode site list is not working on our Windows 10 clients.
Current site list example:
<rules version="4">
    <emie>
          <domain exclude="false">www.contoso.com</domain>
    </emie>
</rules>

Etc.
Reading about the
v.2 schema leads me to think that the output from the tool is incorrect.  The documentation suggests that the output for Windows 10 should be:

<site-list version="205">
  <site url="www.contoso.com">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
</site-list>

Or am I missing something here?

More replies
Answer Match 48.72%

I've searched all over the place for this same issue with no luck. I've come IE won't save passwords, IE won't prompt to save passwords, and IE won't save passwords on certain sites, but I have been unable to find why on one computer it will prompt to save
the password for a site but it won't prompt to save on that same site on a different computer with the same browser.

So let me start by saying this, both computers are the same model, have the same OS, and same version of IE. (Dell OptiPlex 3010, Windows 7 Pro SP1 x64, and IE 11). I have verified the site in question allows passwords to be saved. It works on one computer
and not the other. Even if we try the same username. The company that runs the site has also verified this (Can't post the site name for privacy reasons).
I set this new user up on this computer and have done the following:
1. Made sure that prompting to save passwords was enabled in Internet options
2. Reset IE to defaults
3. Added to site to compatibility list
4. Added site to trusted sites
5. Restarted computer
6. Tested password prompt worked on another site
I know this is kind of vague, but if I am missing anything it would be greatly appreciated if someone could point it out.

Thanks in advance.

More replies
Answer Match 48.72%

Hi, when using Google Search then clicking on any finding IE is blocked. I can see an unknown address shown in address bar, i.e. http://www.aggoontirnhe.com/search.php?q=google%2Blink%2Bblocked&n=1291882329 It vanishes when mouse pointer is placed on address bar then it reappears.

I have tried many antispyware or malware applications but no one was able to remove or to locate this parasite.

Please help.
Rds Tad

A:IE address bar is hijacked by unknown web site

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Answer Match 48.72%

I need support(drivers and instruction) to reinialize my laptop PC, but it is unknown in the toshiba internet site. Why this?

Toshiba PcDiag report:
Data 2012/01/03 08:06:00

[Informazioni sul PC]
Modello Satellite M70
Numero parte PSM70E-01100JIT
Numero di serie Z5265264K
Versione sistema operativo Microsoft Windows XP Home Edition 5.1.2600 Service Pack 2
Versione BIOS V1.10
CPU Intel(R) Pentium(R) M processor 1.73GHz
Memoria fisica 2048MB RAM
Capacit? disco rigido 80,031,974,400 [Byte] 74.536 [GB]
Capacit? spazio libero su disco rigido11,920,052,224 [Byte] 11.101 [GB]
Video Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family versione=6.14.10.4363
Risoluzione schermo 1280 x 800 Pixel
Colori True Color (32 Bit)
Audio Realtek AC97 Audio versione=5.10.0.5870
Rete Realtek RTL8139/810x Family Fast Ethernet NIC versione=5.621.304.2005 Indirizzo MAC=00:0F:B0:A7:7E:DF
Intel(R) PRO/Wireless 2200BG Network Connection versione=9.0.2.25 Indirizzo MAC=00:01:02:03:04:05
Modem TOSHIBA Software Modem versione=2.1.51.0
Dispositivo IDE 1 MAT****A DVD-RAM UJ-841S Versione firmware=1.50
Dispositivo IDE 2 (Nessuno)
Dispositivo IDE 3 ... Read more

A:Re: My Satellite M70-165 is unknown in the Toshiba site

> I need support(drivers and instruction) to reinialize my laptop PC, but it is unknown in the toshiba internet site. Why this?
It is not possible. Do you know why?
You cannot search notebook using model name M70-165. On Toshiba download page it is listed by model number. Your Satellite M70-165 has part number PSM70E so please use it for notebook identification on download page - http://eu.computers.toshiba-europe.com/innovation/download_drivers_bios.jsp

Old models are listed in option ARCHIVE.

Please check it again.

2 more replies
Answer Match 48.72%

To what extent can I be 100% certain what is in my friends' internet history was physically done on her computer? He has a yahoo account (both in the email internet history and in the C://programfilesyahoo/messenger/profiles that he swears he has never seen before.
If it was malware, would it still have appeared in the history?

I would forever be in shame if I wrongly accused him of being this screenname.
very concerned
 

A:unknown site on internet history

6 more replies
Answer Match 48.3%

I am haveing problems with websites being redirected, random sites popping up at all times, sites just shutting down, and no sound on my youtube videos.

I have ran Norton, Malmarebytes, and Spybot with no success.

I accidently ran Combofix and then uninstalled it.

Please help.
THANK YOU!!!!!!!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Crystal at 4:06:45 on 2011-07-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.153 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WIN... Read more

A:Site redirect, random popups, random site shutdown

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

9 more replies
Answer Match 47.88%

I'm using Windows 7 Professional on an HP Elitebook 8560p laptop.  I'm using AVG Free and also frequently scan with SpyBot Search & Destroy, MalwareBaytes, and SuperAntiSpyware.
 
I went to a sports streaming site that is apperantly just a malware server because I immediately started getting all kinds of popups and my browsers had toolbars installed and the home page and search engines were changed.  I identified several programs that were installed and uninstalled them.  AVG detected (I think) a few files identified as Trojans and also prevented communication to some address.  I update and ran full scans with the three utilities mentions above and all found and cleaned trojans, adware, and PUPs.
 
All three scan clean now and in FireFox I've remove toolbars and reset my home page and search engine.  I'm still experiencing long delays while going to any site and "feeds.webmakerplus.info..." and other site names show as being contacted during the delay before the web page dispalys.  I'm also seeing some popup windows and embeded ?ads? in pages that is not normal.  Apperantly, I'm still infected in some way.  Help.  Thanks.

A:Browsers talking to unknown site(s) and getting popups, etc.

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

4 more replies
Answer Match 47.88%

There's a website that, for some reason, I cannot connect to. Each time I try to, Firefox just gives me the old error:

The server at metal-archives.com is taking too long to respond.

(the site = http://metal-archives.com/ by the way)


The same thing happens on all of my web browsers, and in fact no computer on the network at my house that's connected to the Internet can go to the site, though I know it's not down. I'm not IP-blocked from the site, and I can still visit it through proxies.

What could be causing this, and what can I do about it? I hate having to go through a proxy everytime I want to use it. :/
 

A:I cannot connect to one specific site for some unknown reason.

Hello and welcome to Techspot.

It may be something to do with your ISP. Hence why using a proxy lets you contact the site.

The reason I say this, is because my ISP has been having a few problems lately and I`ve had the same problems connecting to certain sites, although in my case the problem is intermittent.

Contact your ISP and see what they say.

If it turns out it`s nothing to do with your ISP, then I don`t know what the problem is.

Regards Howard :wave: :wave:
 

2 more replies
Answer Match 47.88%

I am using a toshiba satellite laptop with windows 7 64 bit version. I have been using Firefox as my default browser. I also have IE and google chrome. In the past three days, whenever I click on any of the search results in google, it gets automatically redirected to some random website. I have noticed the website blinx opening more than once. It is really frustrating. Initially I thought that the problem might be with the browser add-ons or extensions and I uninstalled Firefox altogether and switched over to Chrome. But the same problem exists. Following the instructions, I am pasting the DDS log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Lirin at 21:47:32 on 2011-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3894.1151 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rap... Read more

A:Google searches are being redirected to unknown site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

32 more replies
Answer Match 47.88%

For every link or website that is down or is dead, I now get redirected to the above site.The site is very deceiving. You can only find some info if you click on privacy or legal details on the bottom of the webpage. 
 
The results when redirected have me search for things including a big ad for malware removal. 
 
I ran McAfee and SuperAntispyware. Both yielded no malware, just the usual cookies from casalmedia etc with SA.
 
Can you please advise how to proceed?
 
Thank you
 
Edit: I just tried the dead links on my iphone. i have also been redirected to the same site.So perhaps this is a router, network. or ISP issue?

A:404 Page redirects to unknown site: DomainSponsor

What are some of the links?

3 more replies
Answer Match 47.88%

Spyware that has so far not identified itself. This is a used computer that I've owned for several months and has run fine until yesterday so I assume it's my fault, but I don't know the history of the computer. I installed MalwareBytes, and it scanned and removed some objects, but would only work in safe mode. When I rebooted, MalwareBytes would alert me to malicious internet access and then my computer would hard reset. I had to restore to a previous restore point before installing MalwareBytes and now my computer will occasionally hard reboot for no reason. If I attempt to go to the lavasoft site I am redirected to different sites, ave 99, validclick.net, the-consumer-reporter.org. And several others. The spyware has not identified itself in any way. I know you're very busy, any help is much appreciated. Thank you so much!

A:Unknown Spyware, redirects ad-aware site to ave 99

Solved my own problem. Thanks for the site though. Many people stuck like myself are extremely grateful to have a place to turn for help!

2 more replies
Answer Match 47.88%

I've become the unofficial network admin at my work place, we are having some network connection issues and I have no idea what's causing it. This problem only started occuring about 3 weeks ago, there haven't been any changes made to the configuration of the network. The network has 1 linux server, 7 computers, and 2 network printers. The router we are using is a D-link DI-604, there are 2 d-link switches connected to it, as well as a d-link DWL-900AP+ wireless access point. Sometimes when we arrive in the morning and turn on the computers, some of the computers cannot acquire a network address. Loading the router configuration page shows the dhcp server leasing IP's to an unknown device, screen shot is attached.
The mac addresses of all known devices connected to the network (computers, printers, server) begin with 00, i don't know what the device with mac address beginning with 52 is but the dhcp server is leasing all the unused ip's to that device.
Anybody have any ideas?
 

A:auto dhcp ip lease to unknown device?

10 more replies
Answer Match 47.04%

I've looked absolutely everywhere I can think of and I can't find a way to disable auto-joining unknown networks. There has to be a way to do it, otherwise that would be a huge security flaw. When in range of my own router or any other access point I have saved, it's fine. However, When I take my laptop elsewhere, it automatically joins unprotected networks, which I don't want to happen. How can you stop Windows 7 from automatically joining unknown wireless networks?

A:Disable WiFi Auto Join Unknown Networks

Turn of the radio button maybe?

2 more replies
Answer Match 47.04%

Hello, i am running to a big concern on my computer. when i turn on the machine on the login screen it sort of tries to login, but since it has a password it fails. then when i login it tries to open an unknown file. am i infected or is it a problem with the OS configuration ?
 
PD.: I hope the post belongs here, since im running windows 7.
This file i found it "C:\Users"

I just did a search of the file, and this is where i found it. I opened on the note pad and it had nothing written in it.
 
Video Update:

A:Startup failure and auto start an unknown file

It's not clear from your post...is the computer usable?

4 more replies
Answer Match 47.04%

Hello, I am using windows XP 2000 service pack 3. Since last week whenever I start windows internet explorer stars with site India Study Channel. When I close the explorer and reopen it everything is ok and internet explorer opens with my home page i e google.com. Please help me to solve whether it is a work of malware/spyware?. Your guid/ help in this regard will be appriciated. My Hijackthislog is as under:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:33 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\etMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\Cyberoam... Read more

A:Solved: Internet Explorer stars automatically with unknown site

9 more replies
Answer Match 47.04%

Not sure what the problem is , nothing came up in malware bytes or spybot. Also Eset antivirus only goes off when the browser actually tries to open the other windows (which is usually a ton) Below is the hijack this log. Thanks in advance:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:06 PM, on 4/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
C:�... Read more

A:Explorer & Firefox both open multiple browsers with unknown site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies
Answer Match 46.62%

Hi, so just yesterday, between 12.53am to 12.57am. Mails have been sent through my email [[email protected]] to all my contacts. The Mails are sent in groups of 5.

In total, there are 18 sets of the group of 5. That makes 90 mails being sent through my email. Every set of mails contains a different link (I believe it all leads to the same place)

They are such as:
hxxp://ow.ly/3NACS
hxxp://ow.ly/3NyRz
hxxp://ow.ly/3NzHZ
hxxp://ow.ly/3NAvf
hxxp://ow.ly/3NzDy

There is no subject, only a link as such of above. When I clicked on sent messages, I could see these messages being sent.

Actions I have done to fix the problem:

Changed my hotmail password
Scanned with Spybot Search & Destroy [Nothing found]
Scanned with McAFee Security Center [Nothing found]
Scanned with Malwarebytes' Antimalware [Nothing found]

This is my log of Hijackthis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:01 PM, on 3/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\... Read more

A:Unknown virus, Auto forwarding mails with links to all my contacts.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

2 more replies
Answer Match 46.62%

Several times per day when interacting with my web browser (Chrome), a new tab will open of it's own accord and try to go to a site. Sometimes this is as seemingly innocuous as Fanduel.com, but more often than not the destination is a malware attack site. These seem to be mostly getting caught by my A/V solution (Norton), but it is just a matter of time... I have tried Malwarebyte scans, updated Norton AV scans, etc. Nothing is picking up the problem... Please help!
 
FRST.TXT:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by clm8328j (administrator) on PCZILLA (21-10-2015 20:40:00)
Running from C:\Users\clm8328j\Desktop\Temp\Clean Up
Loaded Profiles: clm8328j (Available Profiles: clm8328j)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officecli... Read more

A:Unknown Browser Malware Chrome periodically opens a new tab for a malicious site

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-438002701-1874782341-4271311250-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-438002701-1874782341-4271311250-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-438002701-1874782341-4271311250-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plug... Read more

2 more replies
Answer Match 46.62%

Dear TSF,

In later, my computer has been infected by some kind of trojan or something. Neither AVG, Norton or Avast can find anything suspicious.

Each time i access a folder (not everyone actually, but the major part) or the Local Disc, i get a popup:

After that it redirects to a site, made to look like the My Computer design, and a button to download something. the site is hxxp://sc.videofreeforonline.com/id/4912933/4/1/ (The site doesn't give any malware, but i do not recommend clicking the link)

This does not only slow down my browsing, but also i guess its a threat to my computer/network.

Please help me!
Regards, ghcBuG - "Computer n00b"

A:Unknown Trojan - Popups everytime i access folders - Site redirecting

I fixed it! (I think atleast) With the help of this forum, guiding of HijackThis i managed to find a file in windows named OSMA - rgf.dll

I was able to delete it. Since then i haven't had any popups or any site redirecting! So all of you with a similar problem, try to do the same (but dont play with HjT too much.
Moderators can close this topic as long as they dont want to search my computer for more infections, lol.

THX
ghcBuG - Computer pro!

1 more replies
Answer Match 45.78%

Hello, over the past day and a half this problem has gotten a lot worse. Windows automatic updates cannot be turned on, this has spread to norton automatic updates as well.

recently started to get frequent stop errors having to do with ntfs.sys or srtsp.sys files.

ive also been getting adult popups in internet explorer and the computer seems to be running slower than norm.

Help would be appreciated asap as i need this comp to study for exams :S

Thank You

My hijack this report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:11 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\... Read more

A:Solved: Norton/windows auto updates dont work, slow computer, adult site popups, sto

9 more replies
Answer Match 45.78%

Hi! Im new to this forum and well basically new to viruses and malware overall. I use malwarebytes and norton 360 and i've previously never had any issues with my computer regarding malware. Recently what has begun to happen is that my searches on google and right click opens to new tabs are being redirected to other sites.I first started with my sites being rerouted to: bts.scour.com/html3? (something like that)Now the sites are being redirected to airsoft.com and some random "search authorization" pageI'm afraid that my computer will be hijacked over time and i'd like to fix these problem soon.I read about this on another forum on this site but i was unable to understand the process. It would be great to get help in a more simple way ( cause i'm new to this).Ive also followed the steps for preparation.Thanks anyone and everyone for helping out if you can!~Rohawa~ DDS Log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by ****** at 19:12:42 on 2012-08-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1266 [GMT -4:00].AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\sy... Read more

A:Auto Redirect

Hello rohawa , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.1.Do you have a USB Flash Drive you can use?2.Please download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

32 more replies
Answer Match 45.36%

Yesterday I noticed random voice ads running in the background from no obvious source... about the same time I would be redirected to random websites from google search results and have notifications pop up saying my system hard disk was failing and memory was low. I found some random iexplore.exe tasks running and terminating them seemed to cure the voice ads, but this was only temporary as iexplore.exe tasks reappear. I used malwarebytes and spybot which found some infections, that were removed. I no longer get the hard disk or memory error pop up messages, but I still get directed to random websites while the voice ads and iexplore.exe tasks still exist. Please help... I understand reformatting maybe my only option.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nathan at 16:30:24.31 on Mon 01/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.2038.966 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe ... Read more

A:iexplore.exe background voice ads, google search site redirects, infection type unknown

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

21 more replies
Answer Match 45.36%

hey guys.Can some one please help me out ? ill be surfing the web , and at random times a new tab or window opens up with random sites. my FF crashes sometimes, freezes etc . here are the Hijack this logs . Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:37:18 PM, on 9/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Java\jre6\bin\jqs.exec:\PROGRA~1\mcafee\SITEAD~1\mcsac... Read more

A:site hijack redirect .

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

19 more replies
Answer Match 45.36%

Hi, new PC with a problem. The browser redirects constantly, McAfee wont open or run scans and when I tried Malware bytes, it crashed it after 5 seconds. I tried running Gmer per the instructions, but it crashed it as well. Here's the DDs log...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Agustyn Pena at 20:46:33 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1227 [GMT -7:00]
.
AV: McAfee? Security-as-a-Service Anti-virus *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svcho... Read more

A:Site redirect problem

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\WINDOWS\1714747044
Press Create button and post the content of the Result.txt.

Important: Restart the computer.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is... Read more

16 more replies
Answer Match 45.36%

I am having this "Strange" behavior with IE6 SP2. Ordinary links on 'normal' webpages keep redirecting me to ad sites and sponsored links. Strongly suspect adware secretly installed coz Ad-aware, Spybot scans were clean. This is driving me nuts. please help!

Heres my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:28 AM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Appa&Amma\My Documents\My Installers\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Exp... Read more

A:IE links redirect to ad site

Hi eaglered_77, and Welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.


Run... Read more

1 more replies
Answer Match 45.36%

To whoever picks up this post, thank you! You guys have worked miracles for me in the past and I know you will again.When I try to access my USAA account (banking, insurance, etc), after logging in, I am redirected to a page that appears legit, but is asking for every piece of financial and security info about me (account numbers, credit card info, ATM pin, mother's maiden name, etc). Normally I'd be asked my website login PIN and then brought into my account. I called USAA and they verified that this page is not theirs. (Thought I'd mention, I immediately changed my login info from another computer.)Redirect website url and image: https://www.usaa.com/inet/ent_logon/j_security_checkInternet browsing is also somewhat slow, the mouse arrow flickers on certain sites, and certain sites that I frequent are loading improperly. I did a speed test and have no problem with my internet connection (25/5 mb/s download/upload speeds)I performed MBAM and SAS scans, results below:MBAM:Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.10.04Windows 7 Service Pack 1 x86 NTFSInternet Explorer 8.0.7601.17514AaronRach :: AARONRACH-PC [administrator]Protection: Disabled5/10/2012 3:40:47 PMmbam-log-2012-05-10 (15-40-47).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 189175Time elapsed: 4 minute(s), 13 ... Read more

A:Financial site redirect

Does it happen in any browser?Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download aswMBR to your desktop.Double click the aswMBR.exe to run it.If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".Click the "Scan" button to start scan.On comple... Read more

4 more replies
Answer Match 45.36%

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back. 
 
PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRi... Read more

More replies
Answer Match 45.36%

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back. 
 
PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo
 
PUP.Optional.PricePeep

More replies
Answer Match 45.36%

ok, I am not sure if i am infected with anything or not. I rarely use ie, but I must use ie(x86) to connect to vmWare console.(x64 doesn't support the plugins)

I use xp pro 64bit. i tried the dds listed in the "read first" topic, but it will not work on x64 system.

My problem is that ie x86 will NOT connect to a secure site. i get this res://C:\WINDOWS\SysWow64\shdoclc.dll/dnserror.htm#https:xxxxx whenever i try. I do not get the same error on ie(x64) but again, the plugins aren't supported there. I did d/l search & destroy, and it found 8 different threats, but subsequent scans have returned 0. Again, I am not sure if this is virus/malware related, as I don't seem to be having any other problems other than the secure site. I am posting my HJT log, thank you for any thoughts/help!

bj

A:secure site redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Answer Match 45.36%

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back. 
 
PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRi... Read more

More replies
Answer Match 45.36%

hi eveyrone!

our site keeps on redirecting to
Code:
http://gogamego.thewhizproducts.com/?chid=121&oid=626&crid=5249&subid=210790403372&pubid=473791
is there anyone who can please help me how to remove it?

thanks
 

More replies
Answer Match 45.36%

hi there,
when i log into hotmail it doesnt go to my hotmail page, it just says done at the bottom and is just a black brwoser window. I can get to my hotmail by going view then sources and pasting the url into the address bar. this is also a problem on other web sites including ebay. Can anyone help me?

thanks

dannyb99

More replies
Answer Match 45.36%

To whoever picks this up, an advanced thanks. You guys blow me away with your expertise and generosity. Keep up the incredible work.Original post in the "Am I Infected?" forum located here: http://www.bleepingcomputer.com/forums/topic453199.html, symptoms copied here:"When I try to access my USAA account (banking, insurance, etc), after logging in, I am redirected to a page that appears legit, but is asking for every piece of financial and security info about me (account numbers, credit card info, ATM pin, mother's maiden name, etc). Normally I'd be asked my website login PIN and then brought into my account. I called USAA and they verified that this page is not theirs. (Thought I'd mention, I immediately changed my login info from another computer.)Redirect image: Just saw that the same thing is happening with Amazon as well.Internet browsing is also somewhat slow, the mouse arrow flickers on certain sites, and certain sites that I frequent are loading improperly. I did a speed test and have no problem with my internet connection (25/5 mb/s download/upload speeds)"Steps 1-10 of Preparation Guide for Using this Forum - completeDDS log:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30Run by AaronRach at 9:54:52 on 2012-05-11Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3061.1624 [GMT -4:00].AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: Windows... Read more

A:Financial site redirect

75CB2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] kernel32.dll!CreateProcessAsUserW 75CE59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!DeleteDC 761C6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!GetPixel 761CC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCA 761CCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[1448] GDI32.dll!CreateDCW 761CCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.d... Read more

7 more replies
Answer Match 45.36%

My computer has been infected with virus and whatever they are. I have tried scanning with the following and removed the threats but they kept coming back each time I used the chrome browser. The infections are:
 
PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt PrxySvrRST
PUP.Optional.ReMarkIt PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program... Read more

More replies
Answer Match 45.36%

Please help me confirm that my PC is completely clean. I think I have removed the virus.

The problem WAS when I clicked on a Google search result I was redirected to a related advert.
Sometimes the sites I was being redirected to looked genuine enough, sometimes they looked like a web page full of adverts.

I am very sure that at least 2 of the sites I was being redirected to were genuine (Symantec and a site for solar panels). For instance I searched Google for 'google redirect malware' and clicked on a result that should have taken me to an article on a Google forum and instead I am taken to a Symantec web site that was advertising Norton products.

I have Norton 360 - it found nothing, 'ESET Online Virus Scan' found 'a variant of Win32/Kryptik.NCK trojan'. The file ESET found was called UTEDoray.dll which was located at C:\WINDOWS.

Thanks.

A:Redirect To Related Site

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.Any objects found, will show in the Scan results - Select action for found objects and offer three options.If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.Malwarebytes' may "make... Read more

11 more replies
Answer Match 45.36%

I've been trying to help a friend "fix" a PC (Macys.com redirects to various "porn-type" links) - and cannot seem to eliminate the source of this problem. I have run the standards (SpyBot/AVG/Ad-Aware/Trend/Bit Defender/Trend Housecall) and while each has located and repaired/quarantined/removed - the problem is still there. Here is HiJackthis Log and StartupList report for review.Logfile of HijackThis v1.99.1Scan saved at 9:22:45 PM, on 11/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exeC:\Program Files\Sony\VAIO Media Music Server\SSSvr.exeC:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exeC:\Program Files\Common Files\S... Read more

A:Ie Browser - Web Site Redirect

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available.A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and that you don't miss out any steps.If you have any queries about the process or just general questions, just ask.I think we should run AVG antispyware in safe mode and see what we find.There is a higher deletion sucess rate in safe mode.Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.Now reboot into Safe Mode.This can be done tapping the F8 key as soon as you start your computer You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.Open AVG again and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.Click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended acti... Read more

17 more replies
Answer Match 45.36%

Hello all,
If you need more information, please let me know. This is my first time posting to the forum. My google/yahoo/bing search links are redirected to an ad site on both Firefox and IE. I've tried running AVG and Webroot, but neither can find anything wrong. Below is the HijackThis log. I appreciate any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:36 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\F... Read more

More replies
Answer Match 45.36%

I hope i am folling rules right way. i have small repair shop and it seems to have got hjacked. when i hit ie type in addresws it goes but if i click on a link say in google after doing a seaerch it goes where it like and sae for FF. i have norton 360 running also now have triel of avg and i have tried this kaspersky 911 removal tool and it works the first time i click a search link then after that it hjacks it agin. i have ran scans all day othing works. i have my log so it qwill be posted below. its just a bestbuy compaq nothing fancey but i need it bad. any help would be thankfull very much so....

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 32 bit
Processor: AMD Athlon(tm) 7550 Dual-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 2
RAM: 2942 Mb
Graphics Card: LogMeIn Mirror Driver, 3 Mb
Hard Drives: C: Total - 293688 MB, Free - 236605 MB; D: Total - 11554 MB, Free - 1629 MB;
Motherboard: PEGATRON CORPORATION, NARRA5, 5.00, MB-1234567890
Antivirus: AVG Anti-Virus Free, Updated and Enabled

hj log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:38 AM, on 4/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusche... Read more

More replies
Answer Match 44.94%

Hello,

I have no idea if this is a good forum to post this question, but I've run out of google search terms to try!

We want to supply a Kiosk at my work that runs IE in full screen mode (homepage is our site). We want IE 8 to auto redirect back to the homepage after a period of inactivity (say 5-10 minutes).

Is this possible, or is there a third party program which can accomplish this? We used to use Refresh2Page for firefox (but now want to switch to IE).
 

More replies
Answer Match 44.94%

THE VERSION OF MY INTERNET EXPLORER IS 6.

my question is, how can i auto redirect a website to Google.com whenever the browser tries to load it.

the site i want to redirect :- http://www.alliancekolkata.co.in
i want it to be redirected to : http://www.google.co.in

looking for some positive and brief replies..

thanks for all help and suggestions in advance..

thanks and regards
Shouvik

A:How to auto redirect a website

Quote:





Originally Posted by shouvik25


THE VERSION OF MY INTERNET EXPLORER IS 6.

my question is, how can i auto redirect a website to Google.com whenever the browser tries to load it.

the site i want to redirect :- http://www.alliancekolkata.co.in
i want it to be redirected to : http://www.google.co.in

looking for some positive and brief replies..

thanks for all help and suggestions in advance..

thanks and regards
Shouvik




Welcome to TSF,

The first item you should correct it to update your browser to IE 7.0 or even IE 8.0. The browser you are running now is not supported and you are vulnerable in the extreme using it. If you do not want to update IE, try CometBird. I use it and have nothing but praise for it.

As far as your question is concerned, could you give us further information, I do not understand the question at all, why would you want to redirect any website to google?

We always try to be brief and positive, but need to understand the question first...we are all volunteers too, and are here to help where we can.

kind regards,

9 more replies
Answer Match 44.94%

I am not familiar with website development, Java coding et al so please excuse any ignorance

How do you create an 'auto redirect script' if you want to move your site from one isp to another ? or, better still, are there any examples or free scripts available ?

thanks

ian.t
 

A:auto redirect scripts

place this code in the < head > of your site to redirect
PHP:

<meta http-equiv="refresh" content="1;URL=http://www.yournewisp.com/yourname">



 

3 more replies
Answer Match 44.94%

I have this weird adware I can't get rid of. First, it takes about 30 minutes before the google redirects starts, then the random new tab popup in firefox.I have tried, Malwarebyte, AVG, Superantispyware and SDFix but no luck.Here's my Malwarebyte log from yesterdayMalwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4173Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.1306/06/2010 8:45:32 PMmbam-log-2010-06-06 (20-45-32).txtScan type: Full scan (C:\|)Objects scanned: 354177Time elapsed: 1 hour(s), 43 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)HIJACKTHIS LOGLogfile of Trend Micro HijackThis v2.0.4Scan saved at 7:13:08 PM, on 07/06/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsas... Read more

A:Google redirect/auto new tab

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Download DDS:Please download DDS by... Read more

12 more replies
Answer Match 44.94%

Hi all,

Just then i tried to log into ebay and was met with a window which stated

"If you are seeing this page, your browser settings prevent you from automatically redirecting to a new URL"

I have looked and looke but i cant find the reason for this - i havent changed anything from yesterday and this crap starts. AGGHH.

Also cant get into hotmail and so on and so forth - well any site that requires a redirect for that matter..

Any wise words for me?

Cheers

Sam Hannan
 

A:How can i set my browser to allow auto redirect?

6 more replies
Answer Match 44.94%

My dads laptop is on its death bed. 2 days ago dad noticed that it started having problems with website redirect in every browser, and a win32 error. I have tried anything i can think of, so now it is only hijackthis left. So...if you need the other logs as stated in the stickied thread on how to post, let me know however i doubt it would help.


Anyways...please help asap. This is his portable business computer and the only one he can use.

w00t tsf?



===========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:05 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\S... Read more

A:Site redirect/win32 error

Here is the rest of the stuff




DDS (Ver_09-03-16.01) - NTFSx86
Run by Dude at 21:17:54.14 on Mon 03/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.514 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Dude\Application Data\U3\00001889E575621E\LaunchPad.exe
C:\WINDOWS\explorer.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.goog... Read more

1 more replies
Answer Match 44.94%

Once in awhile, when I click a link, my browser redirects me to a site called findGala.com. What is that site, and how do I stop the redirects?
 

A:What is findGala and why does my browser redirect to that site?

14 more replies
Answer Match 44.94%

I'd like to be able to view the mobile counterpart of certain websites instead of the regular webpage while browsing with Firefox on a regular computer. Is there any way to do this?

For instance, let's say I want facebook.com to redirect to m.facebook.com when I click a link or go to the website (or how ever I happen to get to that domain). But at the same time, I don't want BBC to forward to its mobile site. I'm aware of user agent switching, but I'm not sure how that could be implemented to only forward certain sites, and isn't actually all that helpful for sites that don't force the redirect.

I most often use XP and Firefox for times when I would need this to work, but a cross-platform solution (OSX & Ubuntu, Opera & Chrome) would be nice too.

I've googled this a bit, but any potential info was buried by redirect how-to's for webmasters.

Any suggestions appreciated!
 

More replies
Answer Match 44.94%

I started having trouble after clicking an adobe update on a fake video that had comments supposedly from friends including their contact info.
since then i am being redirected when i click on google search results , facebook has claimed to be down for days and after downloading and running malwarebytes im receiving site blocked pop up notifications. the first scan found and removed many malicious files and the last only one. i disconnected the modem and ran the scan to remove 1 bad file and ran again to find none but as soon as i plugged in the modem site block baloon pops up and im still being redirected.... PLEASE HELP

A:redirect problems and site blocks

You are still infected. We cannot help you with malware removal here because of Forum Rules. Please click on the Virus/Trojan Help link in my signature and post there for more help.

1 more replies
Answer Match 44.94%

Hello: Occassionally, I get redirected to this site: http://scanner.av2-site.info/scan.php?camp...93&landid=6 and a fake scanner page begins to run. I was using Avira but it did not stop it so I switched to AVG and it will stop it. I have scanned the pc with Malwarebytes, SuperAntiSpyware and several online scanners. Nothing is ever found. Those same programs will not get updates yet I am usually able to surf the internet okay.AVG reported the problem as Exploit Rogue Scanner (type 1031).Edit to add that Malwarebytes will no longer run nor can I uninstall it. I get automation errors. I can not go to any site that contains malwarebytes either.Below is the HijackThis log. Thanks for any help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:17:22 AM, on 3/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18372)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Pro... Read more

A:redirect to scanner.av2-site.info

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Answer Match 44.94%

I have followed the Preparation Guide instructionHere is my detailed problem:On Saturday morning 3/13, I tried to open a Facebook game via Internet Explorer. The website is apps.facebook.com/eastvalleytch. After I logged in, it was loading the game, then half way through, i saw the status bar at the bottom showing it was redirecting to a google seach. Then, suddenly, it takes me to Dell Home Page (my computer is a Dell computer), with this link below, and it states "Sorry, We couldn't find hxxp://paytech.cn/promote/pro.swf%3Ffb_sig_in_iframe%3D1" full link on the address bar is this:hxxp://www.google.com/hws/dell-usuk/afe?hl=en&channel=us&s=http://paytech.cn/promote/pro.swf?fb_sig_in_iframe=1&fb_sig_iframe_key=9bf31c7ff062936a96d3c8bd1f8f2ff3&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1268715707.6715&fb_sig_added=1&fb_sig_profile_update_time=1267581701&fb_sig_expires=1268722800&fb_sig_user=674331920&fb_sig_session_key=2.AY3CGWEOh_vl2X3Rsc0JSA__.3600.1268722800-674331920&fb_sig_ext_perms=email%2Cauto_publish_recent_activity&fb_sig_api_key=6300f2e1717b58bfb823bee6d87a4c36&fb_sig_app_id=313113040704&fb_sig=aeff616b803af4076fb55b38ad04fa61I tried playing the game in FireFox, and it works fine (no redirect to the google search).Here is the DDS txt that I saved by following the Preparation Guide:DDS (Ver_09-12-01.01) - NTFSx86 Run by Chi-Mei at 18:26:48.70 on Mon 03/15/2010Internet Explorer: 8.... Read more

A:automatic redirect to other site (Virus?)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 44.94%

Everytime I try to click on a link it will redirect me to random websites. I have also tried to run a system restore and my computer will not progress. Here is my registry ran from Hijack this. Can someone help me determine what I need to delete to get rid of this? I also ran CounterSpy and that didn't fix the problem.
Thanks.
Timothy




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:53 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1153747052\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Suppor... Read more

A:Help Please!!! All links redirect to random site.

Best thing to do is follow the steps outlined here and be patient - the security analysts are always kept busy - so many malwares, trojans and viruses (virii?) out there these days.

2 more replies
Answer Match 44.94%

I started having trouble after clicking an adobe update on a fake video that had comments supposedly from friends including their contact info.
since then i am being redirected when i click on google search results , facebook has claimed to be down for days and after downloading and running malwarebytes im receiving site blocked pop up notifications. the first scan found and removed many malicious files and the last only one. i disconnected the modem and ran the scan to remove 1 bad file and ran again to find none but as soon as i plugged in the modem site block baloon pops up and im still being redirected.... PLEASE HELP btw i have no access to my windows install disk or reboot

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by PWtattoos at 5:20:42 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1977 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svc... Read more

A:redirect problems and site blocks

I had removed anything that was dated for the last couple of days by way of uninstall programs, all except for malwarebytes. there were a couple of adobe programs that i removed and i figured that i could simply install flash player again if I needed it, once my laptop was clean, since the virus came from a page that claimed I needed a newer version of flash player and I am fairly sure that's where I downloaded the dirty file (installing newer version of flashplayer). now every couple of minutes an unprompted install bar pops up in a window at the top left of my screen and proceeds to climb to 100%. It's titled adobe flash player something or other. next a window asking me to agree to terms and continue install of flashplayer, I've been selecting quit but in about ten minutes it's back. if I leave the computer for a period of time when I come back there are multiple windows all the same (adobe flash player) telling me that it could not continue install because one was already in progress or something like that and beneath them is one of the ones asking for me to agree to terms and continue....I have no clue what is launching these installations as I have even deleted all versions of adobe software but the one from 10/1/10 and i believe thats when i bought this laptop from walmart

3 more replies
Answer Match 44.94%

This is my first post here, hope it is in the right place.

Yesterday morning I started to have a problem with Google and all search engines. When I go to search for anything the results come up but when I click on a result I directed to one of several ad sites, or what appear to be search engines I never heard of.

I am using Windows XP Pro and this happens in both IE and Firefox

On any search engine I can type in a term get a valid lists of links but when I try one of those I directed to a site unrelated such as Orbitz, Yellow Pages or unknown search enginge.

I cannot access any sites that may help me solve the problem, such as this site or sites to downlaod anti-malware programs get the message that page exiss but it is unable to connect. Other sites seem to work fine.

I am unable to do a system restore to a past date. I get thru everything but when I hit the final step it just sits there. I tried this in both regular and safe modes. Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:36 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfsw... Read more

A:Please Help Search Redirect and Help site Block

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

1 more replies
Answer Match 44.94%

Hi, I found you guys after a search turned up this forum post from 2003. Basically, I have a website I update periodically with ipage.com but recently when I go to that site I am redirected to qksrv.net/media/offers, just like in the 2003 post. In that post he mentions finding qksrv.net in his HOST file, however I don't have that - in fact I don't seem to have anything in that file (it's pasted below).

Things I've done:
1 Spybot - nothing found
2 Malwarebytes - nothing found
3 Hard drive search for qksrv - nothing found
4 Tried a different browser - so far both Firefox and Chrome give the same error
5 Run hijackthis (log below)
6 Checked HOST file for qksrv (host file pasted below)

I appreciate any ideas you have for getting rid of whatever this is. Thanks!

The tsgsysinfo gives me this, although I am running AVG anti-virus :
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G, AMD64 Family 21 Model 48 Stepping 1
Processor Count: 4
RAM: 7091 Mb
Graphics Card: AMD Radeon(TM) R7 Graphics, 1024 Mb
Hard Drives: C: Total - 1880839 MB, Free - 1342865 MB; D: Total - 119108 MB, Free - 74959 MB;
Motherboard: LENOVO, Bantry CRB
Antivirus: Windows Defender, Disabled

HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:34:42 PM, on 2/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 43.0.1 ... Read more

More replies
Answer Match 44.94%

I don't know how I got the malware or spyware.

I would use Mozilla or IE6 and both would send me to another link from Google or yahoo, like mountaincoupon.com. Also I found out it bans me from getting the www.bleepingcomputer.com, free-av.com and other malware sites. Also I can't do a system restore.

Please help.
DDS (Ver_09-02-01.01) - NTFSx86
Run by AJ at 17:06:26.34 on Fri 02/13/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.463 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Progr... Read more

A:Google redirect and it has banned this site

hi,

Your log is several days old. If you still need help, simply reply to my post.

15 more replies
Answer Match 44.94%

I apologize if I'm duplicating my previous post, but I can't seem to find it after being informed it was moved to this forum a couple days ago. I haven't received anything since and I can't find the post with a search.

My home page is yahoo. When I do a search, I get results as usual, but when I click on one, another random site appears in the address bar and I end up on google. I haven't really tried to do anything from google, so I'm not sure what would happen if I do, although I've gotten a clue from what others have posted.

I've tried doing a system restore, but for every date I pick, it says it was unable to restore and no changes were made. This computer has been out of my control for an extended period of time, and I know it has has a virus problem about a month ago (some fake virus protection), so right now, I'm kind of afraid to touch anything without guidance.

I ran Norton Virus Scan and it came back with 1 virus threat called Trojan.Adclicker, which except for the redirect to google, seems to mimic the problem. Norton gives instructions for a manual removal, but would like confirmation before proceeding.

One more problem...it's been a while since I've messed around with my computer, but in XP Home, in START, RUN, isn't "configsys" a valid request? When I type it in, it says the file cannot be found? Is this another problem?

Should I start looking for my reinstall disks?

Using Windows XP Home SP3.

... Read more

A:IE redirect to random site to Google?

Hello, this should work for you.

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
Then search for ?TDSSserv.sys?
Right click on it, and select ?Disable?
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON?T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user?s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won?t update

Update you Malwarebytes and run full scan. ComboFix is another great utility that will remove it. I would instruct you on how to use it but I am not allowed to. Hopefully a Moderator will chime in and do the instructing on Combofix.

6 more replies
Answer Match 44.94%

I am new to this forum.

I have contacted Mcafee and they claim (after going through my system) that my computer is virus-free.

I have a Dell Dimension 2400 Desktop computer and I am using the following:

MicroSoft XP Home Edition with Service Pack 3 version 5.1.2600
Pentium 4 2.53 GHz
Internet Explorer 8 version 8.0.6001.18702
Comcast high-speed Internet
Mcafee Virus Protection - scanned - no viruses detected
Malwarebytes - scanned - no malware detected
Ad-Aware - scanned - no critical adware detected - only cookies

When I do a GOOGLE or MSN search and click on the results - I am re-directed to another site that is usually selling something. However, if I copy the url and paste into the address box it seems to work OK.

A:Browser Results Redirect to another site

Welcome to BCWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr===========================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on... Read more

10 more replies
Answer Match 44.94%

Help I have been working on this for three days!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:51:59, on 8/20/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Babylon\Babylon-Pro\Babylon.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Windows\System32\mobsync.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrot... Read more

A:Firefox And Ie Redirect To Wrong Site

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

2 more replies
Answer Match 44.94%

I occasionally get redirects to some site advertising something about xvid when using chrome. It doesn't happen on firefox (which I have noscript enabled on if that makes a difference).

I read that others have posted similar problems and I was wondering if I could get some help here.

A:Redirect to xvid site - updatesearch.org

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Please download GMER from here(doesnot work on 64 bit OS)http://www2.gmer.net/download.phpTemporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply. DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

10 more replies
Answer Match 44.94%

Host is a WinXP SP3 laptop. User was searching Bing when he was redirected to a site with the domain name czec.cc. The site initiated some sort of bogus file scan claiming to have detected numerous trojans followed by an enticemnt to initiate some removal process.

I followed the steps for removal of the XP Total Security malware but was unable to update Malwarebytes (error 12007, 0) following installation. Despite the definitions being out of date, I ran the scan which turned up nothing.
DDR.txt follows. Attach.txt and Ark.txt attached. DeFogger used as instructed.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jcheff at 12:05:19.09 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common File... Read more

A:Bing Redirect to Rogue Site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 44.94%

Hello...  I have a problem.
 
Using Windows 7.
 
Within browser (Chrome), I can do a search, and then when I click one of the links, I am redirected to a different site... Siteadvisor jumps and asks if this is what I want to do.  Multiple windows would open.
 
What I did:
 
-  Uninstalled Chrome
-  Ran full scan with McAfee... nothing.
-  Run full scan with Malewarebytes... nothing.
-  Run scan with DoctorWeb... found three items... had them neutralized
 
After doing this, IE worked fine... search / link / no issue
 
Downloaded Firefox... tested... search / link / no issue
 
Downloaded Chrome... test... search / link... problem resurfaced!
 
Right now, I have removed Chrome again and running DoctorWeb again.
 
Other possibilities?  
 
Thanks!

A:Browser Link - Redirect to Different Site

Uninstall Chrome completely.
 
Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

19 more replies
Answer Match 44.94%

Hello, I am new here and need help on my google search.
When I do a search on google(actually yahoo as well) using IE, the outcome results always link to some ad-links beginning with extratyper.com.............. and then to links beginning with www2.searchredirect........ I have no problem to search on google and yahoo using Firefox. I would like to have your help on this issue, thanks very much.

I have the factory boot CD.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Evil Cat at 23:19:09.21 on 09/12/2009 星期三
Internet Explorer: 8.0.6001.18702
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\... Read more

A:My google search redirect to ad-site

BUMP, please

1 more replies
Answer Match 44.52%

DDS File is below and ARK and ATTACH files are attached.

Thank you for your time spent helping me with this.

About 2 weeks ago I downloaded the new version of Internet Explorer.
Since then, all sorts of annoying stuff keeps happening.

First off, I kept getting some XP Antivirus Pro popup that would come up and prevent me from going to any other website.
It would pop up and say that the site I was visiting was potentially dangerous and that I better register the Antivirus software.

I ran Spybot and removed the problem. Then it happened a few days later, so I deleted it again with Spybod S&D. It hasn't come back in about 5 days.

My problem now is that when I use yahoo to search for something, it seems to only list those "directory websites" in the search results. By directory sites I mean sites like, lowpriceshopper.com, shoppingtiger.com, similarfind.com, and couponmountain.com.

No legitimate websites are listed at all.
When I go to page 2 of the results, I am automatically directed to a site called nonstopwebspeedway.net. This site automatically directs me to shoppingtiger.com/Links edited to protect users

After running SPYBOT, CCLEANER, and ADAWARE, the problem changed a bit.
Now, when I search on Yahoo, I get legitimate search results.
However, when I click on one of the result links, I get direct to a site called lovetheaweblife.com and then I am directed immediately to shoppingtiger.com.



DDS (Ver_09-05-14.01) - NTFSx86
Run... Read more

A:Auto-Redirect from Yahoo to Shoppingtiger.com

Hello and welcome to TSF.

Please note that the fix will require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum.

===========================

What version of Adaware is installed on your machine, Free, Plus or Pro? The reason I am asking is because the Free Edition does not have the antivirus component. If you're using the Free edition, you are wide open to infections without the protection of an antivirus.

===========================

Please disable Adwatch so that it will not interfere with the fixes.

To disable Ad-Watch's Automatic Function:Right-click on the Ad-Watch icon in the system tray
Select "Restore Ad-Watch"
At the bottom of the screen you will see 2 options -- Active and Automatic.
Uncheck Automatic (red X).
Note: With Ad-Watch it is vital you accept any changes that may be alerted by Ad-Watch during the cleanup process

============================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not int... Read more

7 more replies