Tech Problem Aggregator

Redirecting When Visiting Websites

Q: Redirecting When Visiting Websites

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malware bytes Anti Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nublard\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Nublard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 210.212.5.73:3128
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Google Update] "C:\Users\Nublard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Nublard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: mozilla.org\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{BCEB2523-C180-49F6-9F03-212B88E173C6} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce-x64: [GrpConv] grpconv -o
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-9-21 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-9-21 211232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
RUnknown 6777473drv;6777473drv; [x]
RUnknown 71366055;71366055; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-5-13 21712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-19 17:25:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 02:15:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-11-17 02:14:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-17 02:14:59 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-17 02:14:29 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-11-17 02:14:29 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-11-17 02:14:29 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-11-17 02:14:29 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-11-17 02:14:29 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-11-17 02:12:51 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-17 02:12:19 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-17 02:12:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-17 02:12:19 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-17 02:12:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-17 02:11:52 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-11-17 02:11:51 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-11-17 02:11:51 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-11-11 05:13:58 -------- d-----w- C:\Users\Nublard\AppData\Local\Skyrim
2011-11-08 22:28:59 -------- d-----w- C:\ProgramData\Ironclad Games
2011-11-08 00:59:41 -------- d-----w- C:\MGADiagToolOutput
2011-11-07 02:15:39 -------- d-----w- C:\Program Files (x86)\Stardock
2011-11-07 01:29:27 -------- d-----w- C:\Users\Nublard\AppData\Local\Ironclad Games
2011-11-06 01:18:05 -------- d-----w- C:\Users\Nublard\AppData\Local\Plex Media Server
2011-11-06 01:17:18 -------- d-----w- C:\Program Files (x86)\Plex
2011-11-06 01:05:17 -------- d-----w- C:\Users\Nublard\AppData\Local\Nero
2011-11-06 01:02:52 -------- d-----w- C:\Program Files (x86)\Nero
2011-11-06 01:02:34 -------- d-----w- C:\ProgramData\Nero
.
==================== Find3M ====================
.
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 12:31:29.59 ===============

A: Redirecting When Visiting Websites

Hi,

you mentioned running a number of tools in the beginning, did they all come back clean? I'd be in particular interested in the tdsskiller log.

regards myrti

12 more replies
Answer Match 66.36%

  
Quote: Originally Posted by Casuaisxtynine


Really really random bsod's. help please! :<


This is a repost.. I'm sorry for this but I need help

A:BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....



It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums

9 more replies
Answer Match 66.36%

Really really random bsod's. help please! :<

A:BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck in terms that this only happens when the graphics card doesn't respond either because of a bad driver or the GPU is faulty.


Code:
2: kd> KnL
# Child-SP RetAddr Call Site
00 fffff880`05a7a1c8 fffff880`0414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff880`05a7a1d0 fffff880`0414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff880`05a7a210 fffff880`0400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff880`05a7a240 fffff880`0403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff880`05a7a320 fffff880`04023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff880`05a7a360 fffff880`04026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff880`05a7a460 fffff880`040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff880`05a7a4a0 fffff880`0402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff880`05a7a630 fffff880`0402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff880`05a7a6a0 fffff880`0402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a
0a fffff880`05a7a6f0 ff... Read more

8 more replies
Answer Match 65.94%

We recently added a filter to our computer because of our children. Each week we get a report on sites that we attempted to be opened, but are blocked. There are several, but one in particular is on there all the time and has a high percentage. I am wondering if anyone recognizes it and if it is possible that somehow there is something on our computer that is automatically leading us there. We have not gone to it ever as far as I know.

It is: eserviceds1x.us.dell.com

We have both AdAware SE and Spybots and run them regularly.

Below is our Hi-Jack this latest run:
Logfile of HijackThis v1.98.2
Scan saved at 11:49:24 AM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\873374_eng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy C... Read more

A:Websites visited that we aren't visiting??

Hi MNgirl,

1 Download LSPFix from http://www.cexx.org/lspfix.htm .

2 Create a permanent folder like C:\Program Files\LSP and extract the download zip file into that folder.

3 Log your computer in safe mode (hit F8 many times during booting procedure);

4 Disable your System Restore : have a look to Disabling or enabling Windows XP System Restore ;

5 Close all open windows - it is very important;

6 Run LSPFix : click only the Fix button;

7 Reboot normally and post a new HijackThis log.
 

3 more replies
Answer Match 65.94%

I am rephrasing the question to be more specific. I cannot see how my first request was inappropriate. I have not needed to set up a network in years, so I hope someone has the answer to my question.

I am paying for my home internet, and I do not want anyone visiting pron websites. Is their any tool that can alert me if one of my friends is accessing inappropriate material on the website. Someone closed my question before, so I guess knowing how to share their internet histories is NOT the proper answer.

I will not stand for people looking at bad websites, so I hope someone can point me to a decent solution.
 

A:I need to make sure users are not visiting bad websites

6 more replies
Answer Match 65.94%

I have a:
Gateway laptop Gateway Laptop
MX6433
AMD Turion 64 mobile
Technology ML-30
1.59 GHz, 448 MB of RAM
Windows XP Media Center edition (service pack 3).

I bought it two years or so ago. Since as long as I can remember I have had this problem.

when I am on my browser (I use chrome, firefox, and IE) my wireless connection will cut out after a while. I have noticed that if I am on just one site (example: Pandora.com) it can be fine for hours. But once I start going to different sites, I eventually get kicked off. It can be any website, Facebook, youtube, etc.

When I lose connectivity, I refresh my wireless connections and only the printer comes up. If I try to right click on the tray icon to repair internet connection, it freezes. I am guessing that this is a hardware problem. (?) Though I'm not extremely technical with computers, I know my way around most issues that can arise.

I have reformatted my hard drive (twice) and all my software is up to date. I have run AVG scan and Ad Aware scan hundreds of times. Can anyone offer assistance? Thank you very much!
 

More replies
Answer Match 65.1%

Hey guys,

I have a friend who has an adult filtering program on his computer. I get a daily email with all of the sites his computer goes to. I know that they are not visiting these sites personally, so, there has to be some malware/adware that is causing it. I also learned today that there are a number of popups, probably related to these sites.

The websites are:

msn.com yahoo.com, foxsports.com, youtube.com, yimg.com, microsoft.com, facebook.com, gamevance.com, conduitservices.com
Also - it has been running slower as of late.

Thanks for the help.

Jeremy

A:Vista Laptop - visiting certain websites automatically every day

I hate to use the word "Bump," but, I just wanted to send out a reminder....

6 more replies
Answer Match 65.1%

I've been able to run a few scanners, Avast!, Spybot S&D, AVG, etc- spybot found a few things, and deleted them. The online webscanners like panda and trend micro won't allow me to goto the sites, because whatever the virus is takes me to another site/weberror even if I type it straight into the adress bar. I ran stinger and it found no errors, following is my hijackthis logfile.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:37:14 PM, on 9/15/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spy... Read more

A:Doesn't Allow Visiting Of Anti-spyware Websites

Hello Shoyu,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 65.1%

is it safe to visit a website that has been attacked with SQL injection? ..as an example google www.wowyeye.cn www.killwow1.cn and look at the websites that have been compromised by these Chinese domains, if by chance if you surf to a site "taken over" can that website with the attack host files be downloaded to your browser?
 

A:visiting Compromised websites -SQL Injection ATTACKS

6 more replies
Answer Match 64.26%

As the title states, after visiting some potentially dangerous websites, my laptop is acting a little strange. I'm concerned that a trojan virus or the like may be capturing my data/passwords. I would greatly appreciate any assistance! Below is my generated  FRST.txt log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Oracle (administrator) on ORACLE-PC (06-06-2016 15:14:36)
Running from C:\Users\Oracle\Desktop
Loaded Profiles: Oracle & UpdatusUser (Available Profiles: Oracle & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Atheros ... Read more

A:Suspicious behaviour on laptop after visiting questionable websites

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Remove this program via the Control Panel > Programs > Programs and Features applet.Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50... Read more

0 more replies
Answer Match 64.26%

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so faris outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/
 
All browsers are affected and seems to be triggered mostly by stream2watch.com but is not limited to there as I get the message randomly on other sites (ESPN, CNN, Bleeping computer included)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by justin (administrator) on ROCKHOUSE-PC (20-09-2015 05:23:17)
Running from C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order
Loaded Profiles: justin &  (Available Profiles: justin & Administrator)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Codebox Software) C:\Program Files (x86)\C... Read more

A:Possible malware informs me to contact ISP when Visiting websites to remove it

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe &... Read more

16 more replies
Answer Match 64.26%

OS = Windows 10, effects all browsers used (slimbrowser, slimjet, IE11, Firefox w/noscript running, Chrome, Opera, these are the only ones i tried)
 
When browsing to a website (typically seems to be stream2watch) but others randomly trigger a message that informs me to call my ISP to remove malware, and a fake blue screen error withing a browser windows behind that. This can only be terminated by ending the task within task manager. ALT+F4 does nothing, just sends it repeating.
 
I have Secure A Plus running along with Superantispyware, both have run a full scan and to no avail minus piddly tracking cookies in SAS. ADW cleaner also has been run after the fact. No repeat customer seem to appear.
 
I have a screen capture if you would like to see it, and hope to get this resolved, it gets very irritating. Thank you
 
 

A:Possible malware informs me to contact ISP when Visiting websites to remove it

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

20 more replies
Answer Match 51.66%

My operating system is Windows Vista, and I use Google Chrome. Several times, I will type in the address of a website (e.g. www.amazon.com) and I get another one altogether (e.g. www.walletpop.com). I'm not sure where the problem is. Has anyone tracked this down? Is it with my ISP, or my router, or my computer? Is this a virus, or other malware, or what? Any idea how to fix it?

Any help is very appreciated. Thank you.

-Nicholas Dwork

A:Websites Redirecting

Hi there

With the issues that you describe, I recommend that you follow our instructions for malware removal help which can be found here - NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply from a helper - it may take a few days.

1 more replies
Answer Match 51.66%

Hi! I am in need of serious help becuase i think im infected with something but dont know. Every time i try to click on a link i am redirected to all these ad websites and random search engines. I downloaded Hijack and here is the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:58:38 PM, on 8/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:38:48 PM, on 8/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exeC:\Program Files\Lexmark 2300 Series\ezprint.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Common Files\Real\Update_OB\... Read more

A:Redirecting Websites (NEED SERIOUS HELP!!)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 51.66%

Hi there, google keeps directing me to other websites when I click on the results. Was using firefox, now that doesnt work at all now using chrome, and uninstalled ie. If you see any other suspicious progs lemme know as I downloaded something a while ago which wasnt good.
Problems with gmer are: when i first open it it says could not load driver as an instance is already running, then i carried on anyway with most the boxes being unable to be checked then after three quarters of an hour it says no system modifications are present. Comps also slowed alot....
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Mikel at 16:15:07 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1565 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\W... Read more

A:Redirecting to other websites

HelloI Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

3 more replies
Answer Match 51.66%

Hello, I'm new to this website. The reason I'm posting is because everytime I do a google search (or a yahoo search) I get my results, but when I click on something, it redirects me to another website. They're usually the same website, but sometimes others come up as well. I don't know a lot about computers, so you're going to have to tell me what I need to tell you so you can help me. I have Norton, but as I'm finding out on these forums, it's not very helpful. I tried running malwarebytes and it found one thing which I deleted, but it hasn't solved the problem. I don't know what else to do, so hopefully someone can help me out.

A:Redirecting to other websites

Start a new topic in the Secuirty Forum - I'm I infected? What do I do?

6 more replies
Answer Match 51.66%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:38:46 PM, on 7/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Z\AppData\Roaming\dwm.exe
C:\Users\Z\AppData\Local\Temp\csrss.exe
C:\Users\Z\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwl... Read more

A:Websites redirecting

13 more replies
Answer Match 51.66%

Hi guys, to start off, I'll tell you what this virus/trojan or whatever does. When I search something up on a search engine and click on the link of a result, it takes me to some random website. A common website is stop-spyware.net. I can't X out of Mozilla and I must ctrl+alt+del to close out Mozilla. Other websites include: aranet.org, bashfr.com, bookcrosser.com, casasa.com, condea.com, and toseeka.com. Another problem is that every time I try to run RootRepeal, my computer crashes and restarts on me. It shows a blue screen quickly with letters and numbers on it and then crashes. On restart it simply says, "System has recovered from a serious error." I only got this virus/trojan after I let my nephew use my computer. Sorry that I wasnt able to attach the Ark.txt, I kept crashing while running it as posted above.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ahsan at 14:45:38.26 on Thu 08/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.564 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:&... Read more

A:Redirecting websites!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 51.66%

I've run numerous programs, AVG, Malware, Avant, Spyware Doctor, to no avail. Please help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:35:00 PM, on 8/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\Timoun... Read more

A:Redirecting to websites!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

7 more replies
Answer Match 51.66%

I'm randomly getting web page redirects, even from this site.

I ran Microsoft Security Essentials. It found, and supposedly removed three viruses:
Trojan.Win32/alureon.CT
Trojan.JAVA/Selace.M
Exploit.JAVA/CUE-2008-5353.c

Malewarebytes found nothing.

I'm still getting web pages redirected.

I'm running Windows 7 operating system. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:38:14 PM, on 3/7/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Nero\AdvrCntr4\NeroPatentActivation.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ... Read more

More replies
Answer Match 51.66%

I'm running a Windows XP and have encountered the above problem. Clicking on a page I'm currently on and out of nowhere I get redirected.
 
I have been having 'reminders' from adobe to update my flash, well yesterday I downloaded new software from said Adobe. As soon as this was installed, the redirecting me other other websites and also pop ups started.
 
I have since then, run my virus protection, all areas scanned, all drives individually  C:\  F:\  G:\ 
All programs installed on that date are uninstalled. I've run computer in safe mode and I'm still experiencing the problem.
 
Also I have to add I did check this forum out earlier for advice and followed a few things to download and try but I can't be specific of what I tried. Anyway, problem still here :-( 
 
Please could someone give step by step advice on what to do?
 
Many thanks
Becky
 
6. Lastly, before hitting that POST button, take the time to read what you are posting from the point of view of someone trying to help and ask yourself, "is this as clear as I can make it?" When your problem is resolved, remember to add a final reply letting everyone know what worked; this effectively closes the thread as well as validates the solution offered. 

A:Pop up redirecting me to other websites.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

21 more replies
Answer Match 51.66%

Hi

Internet Explorer is constantly redirectly to websites.
Windows 7 - HP Pentium Laptop
Sometimes it tells me it is unable to open websites for no apparent reason.
I ran DDS but am unable to run GMER. I downloaded it and extracted it but I can't do anything to it when the screen opens (will not let me check or uncheck any boxes in the window)
THANK YOU in advance!

Here is my DDS LOG

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by maggie at 14:56:57.67 on Tue 01/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1224 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svch... Read more

A:IE is redirecting and pop up websites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

31 more replies
Answer Match 51.66%

When I search for websites using IE explorer and click on a result it redirects me to a spam type site such as find.stuff. com. Sometimes it even takes bookmarked sites that I have bben using for years and redirects/hijacks them. Here is the log.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:45 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~... Read more

A:Need Help- Redirecting websites

8 more replies
Answer Match 51.24%

Recently, I have been getting redirected to random websites when I click on Google search results. I tried twice to run GMER, but my system crashed.

I have a IBM Thinkpad, which I believe has the Windows install included. I do not have a separate install disc.

Here is DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Julieta at 12:18:10.03 on Sun 02/13/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Business 6.0.6002.2.1252.1.1033.18.2006.724 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Sy... Read more

A:Redirecting to random websites

I think I have solved the problem.

2 more replies
Answer Match 51.24%

Hi All, I am currently having a problem on my laptop, when I enter
http://facebooklikes.com (my domain hosted on a reseller account through Hostgator)
into my browser it gets redirected to a page operated by Searchdiscovered.com , if I try to access http://facebooklikes.com on my desktop it goes to the correct site which is a new wordpress installation I recently made. I also deleted my facebooklikes.com account with hostgator and then re-opened it creating a new cpanel access and new database with wordpress install. The reason I did this is I had also been experiencing an intermittent
scripting problem where my websites would have new php files created and permissions changed to 777 on index.php files which would prevent my sites from loading properly.
My main issue now is figuring out why only my laptop is affected by the redirect to searchdiscovered,com pages when I try to access my http://facebooklikes.com site.

here is my info, Thanks Jeff

Laptop info

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 111348 MB, Free - 69864 MB;
Motherboard: Dell Inc., 0KY767, , .FLD1VF1.CN4864383A1025.
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled
hijackthis.l... Read more

A:redirecting problem with one of my websites

still need help, July 18
 

1 more replies
Answer Match 51.24%

Hi,I am having issues with my web browsers redirecting to various websites. I mainly use fixefox, but this is also happening with Internet Explorer. I also have Google Crome installed, which cannot bring up pages at all since the problem started.I have added the DDS report, and attached the "attach.txt" file. I have not managed to complete a GMER scan, as each time I have run it, the computer has rebooted, and once I got a blue screen with error "PAGE_FAULT_IN_NONPAGED_AREA pwldapow.sys - address B2B37C3E base at B2B37000, Datestamp 4b274f8d.Your help in resolving this issue would be greatly appreciated.Regards,Bryan. DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 21:05:37.42 on Mon 04/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1007.484 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\Common File... Read more

A:browser redirecting to various websites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

20 more replies
Answer Match 51.24%

Hello,

I noticed windows defender (dident even know it was running) advised me i had a 'back door' virus yesterday, i followed the instructions to removed the file and send it to microsoft, i then attempted to download Malwarebytes (www.malwarebytes.org/) and get the following error "The requested URL /lp/malware_lp?gclid=CNib4_rA27ECFVBIpgodNlwA6Q was not found on this server. That?s all we know." or i immedeatly get redirected to gooles homepage (my homepage) if i type in the address www.malwarebytes.org.

I then read the posting guild on bleeping computer and attempted to download defogger and i get the same type of error a google page saying their is no type of file.

any help please

A:Redirecting select websites

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Answer Match 51.24%

Hi,Im having trouble with google links that are directing me to random pages, i've run combofix and got the following report.. any help would be greatly appreciatedComboFix 10-05-29.05 - Darren & Clare 30/05/2010 10:30:38.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.563 [GMT 1:00]Running from: c:\documents and settings\Darren & Clare\Desktop\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Darren & Clare\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnkc:\documents and settings\Darren & Clare\Application Data\Ophiac:\documents and settings\Darren & Clare\Application Data\Ophia\neozo.exec:\documents and settings\Darren & Clare\Start Menu\Internet Security 2010.lnkc:\documents and settings\Darren & Clare\Systemc:\documents and settings\Darren & Clare\System\win_qs8.jqxc:\program files\InternetSecurity2010c:\windows\system32\11478.exec:\windows\system32\15724.exec:\windows\system32\16827.exec:\windows\system32\18467.exec:\windows\system32\19169.exec... Read more

A:Google redirecting to websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 51.24%

Please help! My computer is redirecting some websites to ad.doubleclick.net or recently //www.adbaaz.com/?dn=i.timeinc.net. It shows a blank white webpage with "Error. Page cannot be displayed. Please contact service provider for more details." written at the top of the page. Other computers work fine on the same network. Only some websites though. I haven't been able to make a connection as to why. yahoo.com, msn.com, etc work fine, but cookinglight.com, espn.com, nba.com, etc are redirected. Please forgive me if I do something incorrectly, this is my first post. Very frustrating though! Please let me know if I haven't given enough information. Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:30:28 PM, on 10/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32&#... Read more

A:Computer Redirecting Websites - Please Help!

Hello dscm,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 51.24%

Hi , my browser keeps redirecting me to other websites. i got a little info on how i may resolve this issue.

1 install highjack this
2 installed
3.scan
4 copy log
5. find some one to read and indeftify problems in this log..

so here is the log if anyone can help I would really appreciate it!!!!!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:15 AM, on 9/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In... Read more

A:need help .. my browser keeps redirecting me to other websites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

12 more replies
Answer Match 51.24%

Just this morning I noticed that my browsers (usually Firefox, though I tried IE too) are automatically redirecting most of my webclicks to random websites and not working properly. I've been running my machine, a new Lenovo with Vista Home Premium with Symantec Anti-Virus and Windows Defender. After seeing the problem today, I tried installing Spyboy, Adaware and Malwarebytes and none would work properly. Adaware installed but I couldn't update it--I ran it as is and found a few cookies but nothing major. Malwarebytes seemed to install but when I clicked to open the application nothing happens. And Spybot wouldn't install at all.

I'm currently booted in safemode where I tried again and failed. I hope that's not a problem for the DDS files:

Any help would be greatly appreciated!!

David

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by David at 16:07:38.49 on Sun 04/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2519.1714 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Window... Read more

A:Websites are redirecting from what I click on

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 51.24%

When I go to a website, typically using Google or Yahoo search engines, I am getting redirected to ad websites. Most times it just redirects my current IE Window but sometimes it will open a new window for the ad. It sounds exactly like what this person was going through:http://www.bleepingcomputer.com/forums/t/272327/search-engines-redirecting-to-random-websites/I have tried doing scans with Malwarebytes, Ad-Aware, SUPERAntiSpyware, SDFix, VundoFix, among others and nothing seems to work. It looks like you helped the person in the forum above so I am hoping you can help me as well. Thank you very much for your help.Here is the DDS log and I have attached the Attach.txt log and the Ark.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Kevin at 19:13:03.95 on Tue 12/01/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1232 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\CTsvcCDA.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\runservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDOWS\system32\nvsvc32.ex... Read more

A:Random redirecting of Websites

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

6 more replies
Answer Match 51.24%

This is happening both on IE7 and FF3. Thanks in advance for any help.
HJThis log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:49 PM, on 8/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\V0230Mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Users\Gladys\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messe... Read more

More replies
Answer Match 51.24%

In Firefox and Internet Explorer on my desktop, any time I try to go to www.weather.com or www.espn.com I am redirected to Google.

I cleaned up the cookies and all the temp files. I'm not sure where else to look. Any ideas?
 

A:Websites redirecting TO Google

6 more replies
Answer Match 51.24%

Ok, this is my first time posting so here we go:

The problem started with a slow computer which eventually turned into redirecting websites through internet explorer and mozilla firefox. What would happen is I would go search for something at yahoo.com or google.com and it would redirect me to anti virus websites and adware. So, I downloaded ad-aware and it really didn't do anything for me. I eventually took it to my buddy at geek squad and he removed almost 9 viruses from my system. Got the computer back, everything worked perfectly. I now have trend micro internet security. I did a system scan and it found 2 adware problems, and Pac Generic. AWESOME! Grr...So, I removed all the issues, uninstalled mozilla firefox and deleted internet explorer. I am now using Safari by Apple as my internet. I have no redirecting issues with this now but I want mozilla firefox back. Trend Micro isn't picking up any problems in windows mode or safe mode. Someone PLEASE help...?!!?!
Below is my system info and my hijack this log...

System Information:

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name KOSOBUDNFAMILY
System Manufacturer HP Pavilion 061
System Model PP164AA-ABA a810n
System Type X86-based PC
Processor x86 Family 15 Model 12 Stepping 0 AuthenticAMD ~2411 Mhz
BIOS Version/Date Phoenix Technologies, LTD 3.07, 1/10/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\W... Read more

A:Viruses and Redirecting Websites....HELP

I also downloaded ATF Cleaner and Malwarebytes' Anti-Malware recently and did a scan. It found 3 items and deleted them..one trojan...another having to do with the search bar dealing with the internet and one adware item. So, I downloaded mozilla firefox again..and my search engines were fine for about...a day..then...the same stuff. Redirection to antivirus websites when searching in google, or yahoo. Any ideas anyone???? i dont want to have to reconfigure my hard drive....or go to a system restore..there has to be a way
 

3 more replies
Answer Match 51.24%

Hello,

I posted this post a couple of weeks ago but didn't change my settings so I never received notification that you replied and the topic is now closed. Apologies for that.
I followed the instructions and ran DDS.

The redirecting issue happens no matter what browser I use (IE and Firefox).
Your help would be greatly appreciated.

Thanks,
Matt

Here is the paste of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Matteo at 12:09:10 on 2013-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.914 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\s... Read more

A:Google keeps redirecting to other websites

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

16 more replies
Answer Match 51.24%

I have ran AVG, Super Antispyware, and Ad-aware. It isn't catching anything, but IE is taking me to other websites. I bring up yahoo.com and if I search for anything it takes me to many random sites like viagra.com and momversation.com Can anyone help me?

Thanks so much!

Shay

A:Virus is redirecting IE to other websites

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Answer Match 51.24%

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by zaynab at 12:03:34 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5884.4075 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe ... Read more

More replies
Answer Match 51.24%

I am running vista Business. Kasperski 12.0.0.374 as my anti-virus. on a Toshiba laptop that is a few years old. Kasperski started complaining about Heur:Trojan.Win32.Generic in c:\windows\system32\drivers\tdx.sys which it was unable to disinfect. at some point after this i noted that webpages would randomly go to places i did not direct them to "some sort of proxy or redirect" I attempted to run MalwareBytes and it didn't seem to detect anything. Before reading the instructions for this forum i ran a copy of Combofix, hopefully that will not screw up the process. attached is both dds logs and gmer logThank you in advance for any help you can give. Steven LambEdit: Moved topic from Vista to the more appropriate forum. ~ Animal

A:Websites Randomly redirecting

Download the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

50 more replies
Answer Match 51.24%

The websites I click on redirect to other sites. I've used spybot, spyware doctor, malwarebytes and nothing works. I downloaded HijackThis and I think I found the problem. When I checked the boxes to fix them they still didn't go away. Here is the logfile from HijackThis I hope someone can help because this is driving me crazy trying to figure out.Thank You,PJSPJSLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:59:01 PM, on 6/18/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Common Files\AOL\1238830345\ee\AOLSoftware.exeC:\Program Files\Lexmark 5000 Series\lxdmmon.exeC:\Program Files\Lexmark 5000 Series\lxdmamon.exeC:\Program Files\Real\RealPlayer&... Read more

A:Websites redirecting - malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 51.24%

sorry such a rude first post, I normally introduce myself, but it has taken me forever just to get to this place due to the fact that I keep getting redirected to search sites. I've ran malwarebytes (latest update) but it doesn't get rid of the rootkit when i restart my system. (just FYI i got this nasty bug from wwtdd.com) I am unsure of what i can do next, and i don' want to do a complete system restore...I just did one last week, and I'm unsure of trying to use combofix, as I've never used it before. Any help would be greatly appreciated!Update- I've also ran Spybot Search and Destroy, which did get rid of some stuff, and things are running faster, however, I'm still being redirected to 'thefeedyard' and other search sites.

A:'thefeedyard' redirecting websites.

Hello and welcome.Please post the infected MBAM log.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Next...We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

9 more replies
Answer Match 51.24%

Hey everybody, thank you for helping me out. Recently I have found that google redirects to other websites than websites I intended to go to and Malwarebyte's Anti-Malware is blocked from running unless mbam.exe is renamed to something else. In the past I have just run Spybot or Combofix and that always fixed the problem, but this time nothing has worked. I have ran Spybot, Combofix, SUPERAntiSpyware, and Malwarebyte's Anti-Malware to no effect. I have searched around the net I believe that this is a fairly new virus so I haven't seen any solutions to this yet. Here is a log from Malwarebyte's Anti-Malware after it had supposedly removed the files that seem to be the source of the problem, unfortunately this problem still pervades. If you need a HijackThis log please just ask; here is a similar problem with one: http://forums.techguy.org/malware-removal-hijackthis-logs/904477-links-google-redirecting.html.

Code:

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

3/17/2010 10:27:51 PM
mbam-log-2010-03-17 (22-27-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 300996
Time elapsed: 2 hour(s), 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infect... Read more

More replies
Answer Match 51.24%

I am working on my bosses wifes computer and it is infected with a redirector that is using BNVDRS.COM as the website.
 
I tried running Malware bytes and TDSkiller and a couple other tools that were discussed in other discussions. But to no avail.
 
I am thinking we are going to have to do this step by step and I do not know what I am looking for in the logs.
 
Any help would be greatly appreaciated.
 
Russell Fosberg

A:BNVDRS.com is redirecting me to websites

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-se... Read more

1 more replies
Answer Match 51.24%

I think I have been hit with malware. I click on google search links and i keep getting directed to various random sites (TheAdMagnet, LocalBuzz, FoodPuma, SureBaby, et. al).
I deleted the software i thought was the culprit, some apple/mac GUI transformation pack. I have tried to to a clean install of windows but I am missing some files and can't complete it. Also, on hijack this, I get an error message (see photo link below). MalWareBytes found nothing either.
http://picasaweb.google.com/lh/photo/t6AYJLGnlU-CEker5q9a2rWz70JHTSSMd1n7-6m0Tn8?feat=directlink
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:54 PM, on 11/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Users\HPDesktop\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\HPDesktop\AppData\Local\Googl... Read more

More replies
Answer Match 51.24%

Hi,

Thanks for reading.

I'm currently running Windows XP Pro, SP3. The install is fairly fresh, but I believe I've caught something bad.

I ran Malwarebytes' Anti-Malware and nothing was found.

Could someone please assist me in fixing this non-sense?

Thank you.

A:Websites Redirecting to Ad Sites

Hello these next.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run ... Read more

5 more replies
Answer Match 51.24%

I clicked on a Spam link and I got infected by a UKash ransomware. I have K7 installed and it did not identify it. I googled for help and scanned the system with Malware Bytes and it detected and removed the ransomware.

However, I keep getting notifications saying that Malware bytes blocked outgoing traffic to 195.88.209.15. I can also see "IP-BLOCK 195.88.209.15 (Type: outgoing)" in the log.

Moreover, when I try to surf the internet it gets randomly redirected to random websites. I ran both rkill and tdsskiller - both did not detect anything. I tried running combofix against the advice given in this forum as I was very desperate to get my laptop cleaned (Sorry!!).

The DSS.txt content is below. Any help on this is much appreciated. I am a student and I am in the middle of preparing my university thesis, so the sooner I can get my laptop clean the better it will be for me.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Dell at 17:52:05 on 2012-12-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2997.1422 [GMT 0:00]
.
AV: K7TotalSecurity *Enabled/Updated* {96053243-D4B1-7CB4-BBA0-4BFBC0A5A129}
SP: K7TotalSecurity *Enabled/Updated* {2D64D3A7-F28B-733A-8110-7089BB22EB94}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: K7TotalSecurity *Enabled* {AE3EB366-9EDE-7DEC-90FF-E2CE3E76E652}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
... Read more

A:HELP needed - Websites keep redirecting

I did attach the attach.txt file in the previous post, but I couldn't see it in the post. So attaching it here again.

P.S.: bleepingcomputer.com get redirected most of the time so posting this from another machine. Thanks in advance for the help!

19 more replies
Answer Match 51.24%

Hi,

I have a dell laptop running windows 7, 64 bit. A few weeks ago I tried to download the new version of internet explorer. While installing, something else popped up to install and I clicked yes. McAfee said it had detected alueron and then the computer carked it. I used the Dell emergency backup and restore tool to wipe the computer, however I now have issues with websites redirecting. This occurs in both internet explorer and firefox. I've tried a few different programs to remove what is causing this (AVG, malwarebytes, ad-aware, emisoft) with no success. Any help you would be able to give me would be much appreciated. DDS text is below and attached.

Thanks.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Companion Cube at 20:51:08 on 2011-08-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3957.2682 [GMT 10:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C... Read more

A:Alueron, now websites redirecting

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Fir... Read more

15 more replies
Answer Match 51.24%

I am running Windows 7 premium and Lavasoft Ad-Adware protection.I have used Malwarebyes without success. I do a complete scan everyday and get 5 to 180 traces every scan. These are usually cookies. I am unable to reset my IE9 to original default. So I was directed to you folks by Microsoft Community since all the remediesthey suggested and I tried didn't solve the problem. Google Chrome is my default browser and of course Bing comes with MSN--my home page. HELPEdit: Moved topic from Introductions to the more appropriate forum. ~ Animal

More replies
Answer Match 51.24%

hello , my computer has been acting wierd latly whenever i go to click on a website it always takes me to pages i didnt even want to go to . i looked this up on the internet and found it was a browser hijacker and i was recommended to use hijackthis so i have and i dont know what to get rid of...i was told to paste my scan log to a website where people who no far more than me could tell me what is safe to delete and what i should keep

so heres my log hope you can help me , if not i whould love if someone could give me a alternative solution ...thanks

A:My computer keeps redirecting me to websites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:56:55, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\adam morris\Desktop\HiJackThis_v... Read more

10 more replies
Answer Match 51.24%

Hi there, I was using chrome for a while, but it's started playing up and redirecting me to wrong websites, like when I've went on the google chrome extensions page from google search it redirects me usually to the google homepage, but sometimes it takes me to this other website, I think something to do with security. Before everything was fine but it then it said google was using a weak algorithm and something to so with a certificate, I'm sorry I'm a little vague because I forgot what it said. I'm not sure if other things are happening on opera, but not long ago I came across a thing i couldn't get out of which was saying I was blocked from the internet because of copyright!

I also uninstalled chrome to see if it worked, but it didn't and I also uninstalled mozilla as well and download them again to see if it worked. but nothing happened.

Also, what free antivirus thing should I get? I can't believe I haven't gotten one sooner, if I had I bet I wouldn't of even gotten into this mess, but I've learnt from it and I'll make sure it'll never happen again.

I really appreciate your help!

EDIT: I guess the security error from chrome only pops up occasionally, here is what it says:
The site's security certificate is signed using a weak signature algorithm!
You attempted to reach chrome.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server... Read more

A:Chrome Redirecting Me To Other Websites

Run a full scan with Microsoft Security Essentials and Malwarebytes Anti-Malware.

Malwarebytes is free, just Decline trial version when installing.

8 more replies
Answer Match 51.24%

Hey guys, so ill get straight to the point. im all of a sudden being blocked from websites that i used to visit with no problems. ill google a website, (ie glocktalk.com) click the link and it will redirect me to a website called blocked-website.com where it says:

Sorry, but glocktalk.com is blocked on this network.
This site was categorized in: Weapons, Forums/Message boards

Contact your network administrator


Our SponsorsSponsored LinksNFP Advisor Services
An exclusive network of highly successful Investment Advisors

www.nfpasg.com

Daily Penny Stock Picks
My email alerts may cause Insane gains for active traders!

www.PennyStockAlerts.com

This Stock Will Explode
You Need to Know About this Next Awesome Penny Stock! Read More.

www.PennyStockCircle.com

8% Annual Annuity Return
Get Guaranteed Lifetime Income and Reduced Risks to Retirees All Here.

AdvisorWorld.com/CompareAnnuities

Powered by OpenDNS


i tried superantispyware, malewarebytes, cc cleaner, avira all failed. any help would be great.

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:08 PM, on 3/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series&... Read more

A:blocked from websites redirecting

i also just tried accessing the same site on a different computer on my network and its still being blocked.

4 more replies
Answer Match 50.4%

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

A:browser links redirecting me to other websites

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:39 PM, on 6/11/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mighty Magoo\mightymagoo32.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plu... Read more

10 more replies
Answer Match 50.4%

I don't know what happened. 1st I got some kind of windows defender thing and I didn't click on it. Then I system restore and nothing changed.Now when I google and click on the subject, my browser opens some unknown place. Firefox also refreshes tabs by them selves and opensto an unknown websites. I have AVG and I have run Spy Bot and SuperAnti spyware, they found nothing.I did the DDS. This is driving me crazy. I appreciate any and all help I can get.Thank you!

A:browser is redirecting to unknown websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

2 more replies
Answer Match 50.4%

This comes up whenever I try to go to the Windows Compatibility Center site:
https://www.microsoft.com/en-us/windows
but that is not the compatibility center, and I use Windows 7 HP 64 bit so it does not apply to me at all.

Has the compatibility center page been taken down, or is there a way to navigate to it from the above page please??
Thanks in advance!!

More replies
Answer Match 50.4%
Answer Match 50.4%

I ran supermalwarebytes and avast before finding this forum. It kept finding threats and said they were deleted , but they are still there after I reboot. The foreign processes that are running can not be found in their filepath even after I have checked that my settings say to show hidden folders. Please help me remove this virus, etc....Below is the DDS file and I attached the other requested files, however the GMER program only let me check the (services, regestries, files from c:) because the other boxes were shaded and unavailable. I tried GMER twice with the same results...Thanks for helping me!!

DDS File

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Angela at 11:50:38.19 on Mon 04/11/2011
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2531 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\w... Read more

A:Websites redirecting and can't delete processes

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies
Answer Match 50.4%

Hello,
I am using Windows 7, and am having redirect problems that I believe are caused by a root ransomware virus.
The problem began with redirects to Interpol and Italian police ransomware sites (I am an American in Italy). Not all sites redirected at first though, and eventually Malewarebytes and Avast were able to locate and quarantine some files.

But the problem has not gone away. The only sites I can access are major ones (nfl.com, cnn.com, youtube.com, etc., avast's website, google sites, etc.) Any smaller websites (atlantic.com, huffingtonpost.com, etc.) get redirected. At the moment, the redirects on Internet Explorer go to a graphic "dating" website, which can be closed down easily. On Firefox, the "Interpol" site still comes up, though Avast tends to stop it and quarantine it before it causes any harm. Nevertheless, I still can't go on the site. I am using Chrome without Javascript to figure out what to do (how I am using this site right now, which would redirect otherwise). So whatever it is, it functions off of Javascript.

The real problem is that whatever is messing with my internet is on my computer, and is not being found. I'm constantly running scans through Avast, Malewarebytes, and now AdwCleaner. Each one at one time or another has found problematic files, but nothing has eliminated whatever is causing the problem. And the great majority of scans say nothing is wrong, which is patently not the case.

On one hand, the problem does not seem to be very serie... Read more

A:Websites redirecting, scans find nothing

Didn't mean for that to be a giant block. I had paragraphs, but I am forced to not use Javascript in order to use this site, which I think caused that rather unseemly mess.

1 more replies
Answer Match 50.4%

I've multiple antivirus/malware programs on my computer as I've been following another set of instructions to try and remove this. Nothing's working. When I search for anything pertaining to "google redirect virus", when I click on a few random results, I'm redirected to sites such as couponmountain.com. Here's my log. Thanks in advance~
DDS (Ver_09-06-26.01) - NTFSx86
Run by Edgeyworthy at 18:55:49.78 on Mon 07/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.476 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1335 [VPS 090720-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Progra... Read more

A:google redirecting to random websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 50.4%

Hi guys, great forum! The last couple of days my google searches have been redirecting me to websites like heavy.com and referenco.com...I have googled my problem and by the looks of it my browser has been hacked (whatever that means!)

I downloaded Hijack This and here is my log...any help appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:24, on 21/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.ex... Read more

A:google results redirecting me to different websites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

2 more replies
Answer Match 50.4%

This is not my computer so I have limited information as to the activities that led up to this infection, but I have only been able to access maybe five or six websites at ALL on her computer. Often, even if a page does load, it skips to another page for no apparent reason. I was loading a google search, and it jumped to craigslist. Then it opened up a weight loss website and gave me some popups telling me I need to download an anti-virus program I had never heard of. (I wish I had written down the url it tried to direct me to, because I have not seen said popup again).Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:18:43 AM, on 7/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\cisvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\Exp... Read more

A:Worm Redirecting/blocking Websites

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NEXTPlease visit below webpage for instructions for downloading and running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.Regardsfenzodahl512

2 more replies
Answer Match 50.4%

Hello all. I am new to this forum. In the recent days, my C Drive has been filling itself. I was also getting redirected to some random websites. I looked up for many guides and some forums on Bleepingcomputer. I followed this post/page.
http://www.bleepingcomputer.com/forums/t/483583/virus-causing-hdd-to-become-completely-full/
i know i shouldn't have done that and i'm sorry for this. I downloaded all the softwares mentioned in the above link. I ran ADwCleaner. I also ran roguekiller and combofix (again. i shouldn't have done that without experts' help.). I also ran TDSSkiller. After that i ran aswMBR and it crashed in the middle. Then i ran CCleaner. After that a scan with Malwarebytes. A few threats popped up, but most of them were trainers. I removed all of them. Now after rebooting the computer, i noticed that the problem of C Drive filling itself up still exists. I also ran OTL. I would love it if anyone will be able to guide me on what to do now. I know i f'ed it up, but i didn't know that i shouldn't have done all that. :/  
P.S. I have Windows 7 ultimate 64 bit service pack 1 and Kaspersky internet security 2015 with malwarebytes and CCleaner installed. 
After doing all of this, i followed the guide at
http://malwaretips.com/blogs/malware-removal-guide-for-windows/
C drive went from 5GB to 24.7 GB.
It reduced to 24.6 GB and now that website redirecting bleep is happening again. My ram usage is also 46% for no reason at all. (i have 8 GB ram)
Any help would ... Read more

A:C drive filling itself and redirecting to different websites.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

24 more replies
Answer Match 50.4%

I am using Windows XP on my laptop.

I got infected by trojan horses from downloading a file on Limewire a week ago. On the next day, my Firefox would not connect on the internet (Connection interrupted) but was able to go on the net on Internet Explorer. Used Malwarebytes (which caught a bunch of infected files which were deleted and quarantined successfully) to reestablish the Firefox connection.

Now I have redirecting issues despite using SuperAntiSpyware, Spybot:S&D (caught the trojanC and Microsoft.Windows.SecurityCenter.Firewallbypass) and AVG (Which caught the infected file from limewire but I had already deleted them: Trojan Horse SHeur2.BNPZ/BNPX/BNMQ/BNLQ/BONB. There are two files of Trojan horse SHeur2.BONB in C:\RECYCLER... and C:\System Volume Information\_restore\...). In an effort to minimize the problem, I used the NoScript add-on of Firefox and downloaded SpywareBlaster. Can anybody help me solve my problem? Thank you for your time.

Here's the first log I had using Malwarebytes on October 30 (Note: I installed Malwarebytes on October 30 and did not change the name of the file to zztoy.exe before installing it, if that's relevant):

Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 2

10/30/2009 11:10:17 PM
mbam-log-2009-10-30 (23-10-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 250146
Time elapsed: 2 hour(s), 4 minute(s), 35 second(s)

Memory Processes Infected: 0
... Read more

A:Google redirecting to unrelated websites

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Change settings... Read more

8 more replies
Answer Match 50.4%

My IE isn't working. I try and open the browser or click a link and I get this message:C:\Program Files\Internet Explorer\IEXPLORER.EXE; program not foundI also get this message when trying to open the .exe that's in the Program File. I've tried everything I can think of. Updated to IE 8.0beta, didn't work so I uninstalled it and tried to redownload 7.0, didn't work, I also can't uninstall 7.0, it's not an option in the add/remove programs. I did click a link yesterday before this happened and got that message error and then within five minutes, AVG popped up saying virus was found but that it had been healed and wiped. So I'm not sure if this has to do with my IE not working or not. BUt before all of this happened, I was getting redirected to different sites when browsing. I'd search for something and then click on the result and it would send me to either bottomdollar.com or it would say website does not exist, so I'd have to go back and click on the link again to get to the website. I've also had this thing where I'll be on a site with no ads or music and yet an ad will start playing over the speakers, and continue to play even when IE is exited. I've had a few trojans since the beginning of December but the AVG found and cleared/healed them but the problems persisted. So here's my HJT log below, help is appreciate: EDIT: Just looked at the list, I see that McAfee is still on there, I uninstalled this ages ago, like almost a year and I still can't get it com... Read more

A:Redirecting websites and missing IEXPLORER.EXE

It should be IEXPLORE.EXE, not IEXPLORER, sorry.

14 more replies
Answer Match 50.4%

Tries running Malware bytes, HJThis and nothing... Any help would be good.

-Thanks
Panama

A:Malware redirecting websites from google help.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

2 more replies
Answer Match 50.4%

I have a virus on my computer that keeps taking me to random websites that I never visited before. I am running Windows XP on a fairly old PC. I tried virus scans, ad-aware scans, and still no luck, even did a system restore twice reformatting my computer and it still didn't work. The reason is the virus has got in my system recovery hard drive (D) which is the second hard drive on my computer aside from (C) which is my main drive. Whenever I do a system recovery the virus comes along. Any tips on how to get rid of this thing, I don't care about having to do another format, anything as long as I can get rid of this thing. I want to format the (D) drive as well but it is the drive with the system recovery files and I don't have them on CD or anything.

HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:16 AM, on 3/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.... Read more

A:Virus redirecting to random websites

Edit/Bump Thread, I'm sorry I should have read the sticky at the top of the forums before starting this thread, I left out some of the log files. I have included all that has been asked, thank you for taking the time to check out this problem. I couldn't attach the ark.txt file because I am having problems with my browser thanks to the virus on my computer, so instead I uploaded it to sendspace.com, I hope this is not a problem, once again thank you for taking the time to help me out.
 

1 more replies
Answer Match 50.4%

Vista Home Premium SP2

I'm finding that I'm getting randomly redirected to other websites off of google searches. In other words, clicking the results from a google search sometimes redirects me to some unwanted website (this is using the Firefox browser). I'm also finding internet browsing to be much slower than usual. Spybot and MBAM scans have come up clean.

Thanks in advance for any insights.

More replies
Answer Match 50.4%

Hi and thanks in advance for any help i receive. Last night i seemed to have been infected with some sort of infection not sure what it is.Whenever i search something on google and click on the links that come up i get redirected to strange websites that have nothing to do what i was looking for. I have to copy the links and paste them in my address bar or else i can't get to themI run windows vista home premium and use firefox as my browser.Here's my HJT log Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:22:03 PM, on 02/07/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\hp\support\hpsysdrv.exeC:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Games & Other Programs\iTunes\iTunesHelper.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Ray Adams\ATI Tray Tools\atitray.exeC:\Windows\System32\mobsync.exeC:\Windows\ehome\ehmsas.exeC:\Windows\system32\wbem\unsecapp.exeC:\hp\kbd\kbd.exeC:\Games & Oth... Read more

A:Google redirecting to strange websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 50.4%

When clicking I click on links on google the page redirects to various search pages and not to the original url. Also, I have been getting pop-ups lately if that helps.


DDS (Version 1.0) - NTFSx86
Run by hayat at 0:17:58.99 on 28/11/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.3006.1747 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.ex... Read more

A:Google Redirecting To Other Websites; Constant Pop-Ups

Hello m.ali and welcome,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

15 more replies
Answer Match 50.4%

Can anyone help with this issue? Thanks.

Sites like safecompare.com, etc.

I am using IE and Windows XP

A:Help - Searches redirecting to strange websites

Anyone? Could this be the TDL3?

6 more replies
Answer Match 50.4%

I've wasted much of this weekend trying to remove this thing from a home computer. Not sure how it was downloaded, since the kids and my wife mainly use it. I have run malware multiple times in safe mode (full scans). It removes several files, but on restart, the problem returns. I have cleaned the LAN settings from redirecting firefox and IE, but any search results you click on get redirected to random sites and some sites (e.g., gmail.com) cannot be accessed at all. I hope the creators of this are prepared for their long and hot afterlife. Thanks for your help. See the attached DDS and GMER files. I ran these in safe mode. I also ran TDSSKiller (as seen on some other threads), but it returned clean.

A:redirecting websites - gala virus

After posting this, I tried yet another search for solutions (on another computer). This one from a google group seems to have fixed it:
- Open the Start menu, then select Run...
- In the blank next to Open, type "c:\windows\system32\drivers\etc" without the quotes, then hit OK.
- Select the Tools menu (toward the top, between Favorites and Help)
- Select Folder Options in the Tools menu, then click the View tab
- Under Advanced Settings, select the radio button beside "Show hidden files and folders"
- Uncheck the box next to "Hide protected operating system files..."
- A warning window will appear, select Yes, then hit OK
- Right-click the file named "hosts" and select Properties.
- Under the General tab, uncheck the box next to Read-only (if it is blank, leave it as is).
- Hit OK.
- Right-click the file named "hosts" again and select Open-With?
- In the Programs list, select Notepad, then hit OK
- Delete everything in the Notepad windows except ?127.0.0.1 localhost?
- Hit File, then Save, then exit Notepad
- Restart your computer

2 more replies
Answer Match 50.4%

Hello, I hope someone can help me identify the perpetrator based on my HijackThis log (see attached). Certain websites that require a log in (bank websites & ebay in particular) redirect my browser to a phishing page that looks exactly like the bank or ebay website. Thank you for the help! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:58:38 PM, on 8/21/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkU... Read more

A:Browser Redirecting To Phishing Websites

Hello Gbraun2000 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, and you're notified a more current version is a... Read more

1 more replies
Answer Match 50.4%

Hello, I've been having issues with Viruses or Malware for a few weeks. I've tried everything I can think of, but for the life of me I've been unable to find the culprit files. I have Avast! antivirus, and Zonealarm firewall. I scanned with Malwarebytes, and Avast -sometimes they come back with detections, sometimes they come back with clean record but I still get redirected.Some of the websites that I am redirected to, were harmless going to random websites such as Sprint.com or other vendor websites (Monster Marketplace etc).Lately they've been getting worse, now opening programs such as Windows Media Player and trying to play a file. After Windows Media Player opened, instantly Zonealarm came up and it said a file (nmo.exe?) was trying to connect to the internet. (I'm guessing it was a Trojan.) I denied it access. I have the IP and some of the code that was visible on the website that downloaded the file.After a Malwarebytes scan, some random files had been infected. I removed the files, and rebooted.. and then the computer was unable to open any .exe file lol. (I think RunDLL32.exe was deleted in the cleaning process.) But I worked it out and can open .exe files again.So as you can tell I've been jumping thru hoops trying to clean this, but finally posting for help. Thanks in advance!.DDS (Ver_11-03-05.01) - NTFSx86 Run by Owner at 18:38:56.54 on Tue 03/29/2011Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17Microsoft W... Read more

A:Google redirecting to Trojan and other websites

Hello and welcome. I apologize for the delay. If you no longer need help with this issue, we would appreciate you letting us know. Otherwise, please perform the following steps so I can have a look at the current condition of your machine. I realize that you have already posted logs, but because of the time that has passed I'd like a fresh set. Please download DDS by sUBs from one of the following links and save it to your desktop.DDS.scrDDS.comDDS.pifDisable any script blocking protection (How to Disable your Security Programs)Double click DDS icon to run the tool (may take up to 3 minutes to run)When done, DDS.txt will open.After a few moments, attach.txt will open in a second window.Save both reports to your desktop.---------------------------------------------------Post the contents of the DDS.txt report in your next replyAttach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD. Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don... Read more

2 more replies
Answer Match 50.4%

Whenever I use google to search for something, clicking on any link often redirects me to another search engine. (ex. hxxp://www.thesalespace.com/search-results.aspx?keywords=banana when searching banana) This doesn't always happen, but when it does it will redirect 4 or more times before going to the desired website. Occasionally it will open a new tab randomly, generally to a google site with /webhp at the end of the address. I do not know the source of the infection, as none of my malware or virus detecting software finds anything. I use Avira AntiVir and SuperAnitSpyware, both free editions.DDS (Ver_10-10-05.01) - NTFSx86 Run by Dan at 12:19:21.15 on 08/10/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3070.2064 [GMT -5:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\... Read more

A:Google Redirecting and opening other websites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

14 more replies
Answer Match 50.4%

Hello, sometime during the past week or so, my laptop contracted a bug. (I'm currently using my desktop to post information to this forum.)

On the laptop, I am running Windows XP Professional (Version 5.1 - SP3). I am unable to go online using Internet Explorer 7. The laptop is running (all programs) very slow. I have access to a Windows Install Disc.

Thank you in advance for the help.
Carol

Here are the log files from my laptop:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Carol at 21:16:01 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.67 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpd... Read more

A:Redirecting websites/Google search

Hello and welcome to TSF. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Answer Match 50.4%

Hi,

I am requesting assistance in removing possible spyware on my machine. Whenever I go to a website to do a virus scan check, I get redirected to another website that is no relation to a virus scan.

Please see my hijack this log and advise what is causing the redirects to occur.

I tried following the instructions on the main page, however I wasn't able to run any of them.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:57 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/...1HPRR&d=homerr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\M... Read more

A:Internet Explorer redirecting websites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

See if you can run RSIT:
Download RSIT by random/random and Save it to your Desktop.
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please copy/paste the contents of log.txt in your next reply.
Please attach info.txt to your reply.
To attach a file to a reply, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\rsit\info.txt
Click Upload
------------------------------------------------------

19 more replies
Answer Match 50.4%

Hi,Now and then when I do a Google search and click the link it redirects to a different link rather than the one that is present. Some times, it automatically opens another tab when browsing a site even though I have not clicked anything. This does not happen always, but it happens now and then. Also, sometimes I get the XP Defender and Antivirus Pro virus issues as well. I have tried using combofix, malware and Spybot to clean these. But still the redirecting issues have not gone well. I use Mozilla Firefox 3.6.3 and have also tried clearing the internet files with out much luck. Please help.DDS (Ver_10-03-17.01) - NTFSx86 Run by 113900 at 15:18:23.01 on 21/04/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1239 [GMT 1:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\... Read more

A:Redirecting to various websites from Google search

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

51 more replies
Answer Match 50.4%

Hi. I'm usually able to find answers for any problems I encounter on here without needing to register and ask a question myself, but I'm having trouble with this one:

- I am in an office with 2 computers. Both of them suffer with the same problem which appears to be some kind of virus: Essentially, when I click on a link, usually from google results, I am re-directed onto a different, random page. If I open the link in a new tab, I can click 'back' until I reach my intended page, but it is annoying that I have to do this, and more of a concern is the reason why it is happening, and what implications it might have that I don't know about. The websites are various things, sometimes as inocuous as eBay, occasionally porn, but more often than not websites such as 'google analytics', 'adclicks', 'gossipcenter' etc.

- I have run MalwareBytes and also have Norton installed, but nothing stops it.

- I purchased a third computer and have just connected to the internet. To check the net worked, I went to google, did a search, clicked on a link and lo and behold, it got redirected to eBay! The fact that this is a new computer, and already it is happening, makes me think that the virus/malware is 'getting in' earlier in the chain, rather than hitting the individual PCs, but my knowledge of this kind of thing is not good enough to know what to do.

Please help! I'm not really a computer expert, I can carry out tests and ret... Read more

A:Redirecting websites on all computers on the network

What kind of router do you use in the office?

3 more replies
Answer Match 50.4%

EDIT: I just noticed my topic misspelled infection. HA! Should be "Auto-redirecting websites infection"I fell victim to an Adobe Acrobat exploit that installed a few false virus programs (I don't recall the names) and some other exe files that I don't know of and even blocked SAS and MAM. Safe Mode no longer works and some websites get redirected. I thought I did a thorough job of cleaning it up with a combination of HijackThis followed by updated SAS and MAM scans; but Safe Mode still freezes (after Mup.sys loads), and I still get redirected every-so-often. I noticed they get redirected mostly when going to any technical websites computer related. If I try again, it will access the site.I've tried a new safeboot.reg and a number of odd things I read. I hope I posted this all correct.DDS (Ver_09-12-01.01) - NTFSx86 Run by admin at 15:30:19.43 on Thu 02/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exeC:\WINDO... Read more

A:Auto-redirecting websites infaction

Hey chaokoh,Welcome to Bleepingcomputer! I'm Ltangelic and I'll be helping you fix your computer problem.Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides. ;)I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.LT

19 more replies
Answer Match 50.4%

Greetings,Information about my infection can be found here:http://www.bleepingcomputer.com/forums/topic360167.htmlThere is further information about my situation in my second and third posts.Also I think should point a weird phenomenon that occurred maybe a few days before posting my original topic, when I went on my computer and all the pictures on my desktop icons changing every few seconds (for example a .RAR file might have the "Notepad" is icon picture, and Firefox might have a the music file picture, and so on, and then in maybe 10 seconds, everything would rearrange again. It made my computer very slow and wouldn't stop until I was finally able to end 'explorer.exe' in windows task manager, and run it again.Not if this is any help, but I guess it's worth mentioning.Since my posts in that thread, I have reset my router's settings (using the reset button on the back), and changed the password while booted from a flashdrive using a linux OS (I called verizon to ask for a replacement router, but they turned me down), and browsed the internet for a few hours, and didn't see anything suspicious.As mentioned in the topic that I linked to, I plan reformat my hard drive, but in the event that it wasn't my router that had the problem, I guess that means that some other part of my computer is infected, meaning the reformat is useless.So before I go ahead and reformat my hard drive, I would like to know where else an infection could be hiding ... Read more

A:Rootkit/malware redirecting me other websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

18 more replies
Answer Match 50.4%

Hello everyone ,
For few days I am having problem with Google chrome, when ever i try to go to any weblink in google chrome after having google search, by clicking on my desired link, instead of landing into the concerned webpage, it is being re-directed to some other website, however when I chosse to "open the desired link" into another tab by right click on the link, it is opening ok in the new tab, unable to find any reason for it, but it surely some sore of virus problem,as per my less knowledge of computer and internet. The problem started as I tried to download a software for writting Arabic and Persian language, even after the full removal of this software from my system,the problem with the system is there. during the search for getting rid of this problem, I got link about this forum and and also downloaded "hijack this" and scanned the system and here is the log report :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:30, on 19.07.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\SQ\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\SQ\AppData\Roaming\Thinstall\Kelk 2000 Arabic - Persian\4000003d00003i\cryp... Read more

A:Google Chrome redirecting me to other websites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 50.4%

I am using 2 browsers on my computer here; Mozilla Firefox and Internet Explorer. When I type something in search engine like Google or Yahoo it redirects me to random websites. Here is my Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:19, on 2011-05-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\D-Link\Wireless G WUA-1340�... Read more

A:Search Engines Redirecting to different websites!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

5 more replies
Answer Match 50.4%

Hi, I'm having some strange problems.
In this house, there are a number of networked machines running on Windows XP, connected to the internet through a router.

A couple of the PCs have a funny redirect problem - google searches get hijacked and start going to ask jeeves or some shopping thing. (AVG and some online scanners returned nothing)

One PC has just been reformatted, and some problems still persist (perhaps a router malfunction?). Some sites just fail to load on it, and some games can't connect.

Sorry I can't give more details - but I'm happy to run any suggested checks.

A:Websites failing to load/redirecting

Hello and welcome to Bleepingcomputer.First download the FREE version of MalwareBytes, install it, update it, then perform a FULL system scan.Mawarebytes Anti malware http://www.malwarebytes.org/Post back your results, if you find infections, you may have to go to the AII forum section of BC to ask for assistance in cleaning your computer from experienced malware removal staff.Bruce.

1 more replies
Answer Match 49.98%

Hello to whomever responds!

This is my first time requesting help/advise via your website, so bare with me. Up front info includes: This is about a month old computer, it is a work computer, I do have admin rights to my computer, I frequent the Microsoft website for updates as precautionary and recommended, the president here is not fond of spending money on newer technology software (including anti-virus/spyware software), I'm fairly knowledgeable with computers (with the exception of malware removal)

Within the past week i've experienced redirecting through Google links to misc. websites not intended to be viewed. They are always different, but I'm not redirected every time. I could click on a link, be redirected, hit the back button, then click again and it continues as intended to the correct website. Only pattern i've noticed is the favicon of the redirect briefly flashes before the actual redirect website appears. This favicon looks like a handwritten swirly number 2, and it's blue. I don't believe i've noticed any websites including sexual content or gambling as others have experienced. I have noticed in my temporary internet files some suspicious cookies with ip address looking numbers like 66.230.188.67 & 64.111.196.117. That's a little scary. Other than the redirects, i'm not experiencing any slow down or pop-ups or errors, but I want to nip this thing in the butt before it gets out of control.

I've downl... Read more

A:Google links are redirecting to misc. websites

In addition to the above, I failed to mention that we are running Windows XP Pro operating system with SP3. Also, i've noticed many other forums regarding redirects and Mozilla Firefox. Just letting you know ahead of time that I have never installed Firefox, and we only utilize IE8.

FYI

1 more replies
Answer Match 49.98%

I am having a problem with my laptop. I am using a windows vista home premium, 32 bit OS. I think it is infected with some kind of malware. The problem is with using online search websites. I am not able to access any links through these sites. I am being redirected to some bogus sites. Sometimes, these sites pop up in different window. This problem started (i believe) when i manually downloaded a freeware. I downloaded some file compressor freeware (i dont remember the name) and installed it. But it did not show any instalation wizard or process. the window just disappeared on clicking instal. I cant see it even in the installed programs list. I believe it is hidden somewhere in the system. I dint have any virus/malware protection in my system at the time of downloading and installing of this freeware. Immediately after this when i tried using google search site, it took me to some thewebsitesurvey.com.....and now this problem has become rampant.....not able to access any links through these search sites. However, i can access the same websites when i go to their url directly (rather than using google)I later got Mcaffe total protection and did a system scan. It recognized 3 trojans and removed it. But it did not stop the problem. I did a system restore (using windows vista option) to a previous state (the one before I downloaded that freeware). It seemed that the problem was solved as I did not experience the problem after the system restore. But after a day the problem is ... Read more

A:Malware problem... redirecting when using search websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

10 more replies
Answer Match 49.98%

Hi,

All search engines are redirecting to random websites (Google, Yahoo, Bing).
I've ran Malwarebytes and Spybot SD and still continue to have the same problem.
Please help.

Windows XP Media Center Edition
Firefox / IE

More replies
Answer Match 49.98%

I have Windows 7 32-bit and I am having a problem with all the search engines (google, search, yahoo, etc) in Firefox & IE redirecting to spammy websites, mostly Shopica.com. I have ran both Malwarebytes & SuperAntiSpyware a few times and sometimes it comes up with something (I think it says tracking cookie) that I get rid of but it just keeps coming back. I see there are many posts on this topic but I am a little worried about following another post and messing up my computer. Any help would be great, Thanks!

A:Serch engines redirecting to spam websites.

Hello and welcome.Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal InstructionsIf it finds something make sure Cure is selectedNext click Continue then Reboot nowA log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

9 more replies
Answer Match 49.98%

For a while now I have been getting pop ups on my browser. Sometimes bottom right corner, sometimes bottom left, sometimes both. Also when I click links on the page I'm browsing sometimes it redirects me to another website entirely. It seems to be only certain websites that this effects as some sites I never get these problems.
 
I took some screen captures to show the pops ups in full swing.
 

With this one it shows the "chitka" pop up, this one cannot be closed. On the left this hollow pop up that can be closed.
 
This one shows the facebook style pop up.
 
The pop ups are always a combination of these three.
 
Here is my DDS report:
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by Family Laptop at 9:34:32 on 2013-03-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3933.1058 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrict... Read more

A:"Chitka"/facebook style pop ups and redirecting to other websites

Hello jon_johns Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at ... Read more

22 more replies
Answer Match 49.98%

Hey.
 
Today i encountered a problem. I went to use firefox to access certain sites on the net and it redirected me to a malicious page.. It was very disconcerting, my built in cpu speaker began beaping and a message poped up stating that i should call a certain number to resolve the issue.. "of being hacked allegedly according to the redirect page" I thought maybe the website was down, but their tech support says the site is running fine. i encounter the same problem with the unwanted redirects on my tablet too. This is what's leading me to believe that i have a virus on my router.. i mean after all what could be redirecting the same webpage on multiple devices? If this is the case, i need to know how to fix the problem.. Im pretty sure it's bbecause of a freeware book i downloaded off of the internet earlier in the day. But how would the problem spread to my tablet when i haven't even hooked it to the computer? Any ideas? I need brains on this problem.. any help would be appreciated. thanks

A:LAN virus? multiple computers redirecting certain websites.

You need to reset your router and then secure the router. If you need help doing that then post the make and model of the router.
How to secure your home wireless network router.
How To Reset Your Router
 
You should check for adware and malware using the programs below.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some tim... Read more

3 more replies
Answer Match 49.98%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:07:32 PM, on 7/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\igfxsrvc.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\System32\igfxpers.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\sm56hlpr.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot\TeaTimer.exeC:\Program Files\AskBarDis\bar\bin\AskService.exeC:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Softw... Read more

A:My log: google is redirecting links to shopping websites

Hello xjqkz,I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:1) Run Spybot-S&D2) Go to the Mode menu, and make sure "Advanced Mode" is selected3) On the left hand side, choose Tools -> Resident4) Uncheck "Resident TeaTimer" and OK any promptsYou can reenable TeaTimer once your system is clean.This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Where is your AntiVirus??? After you run ComboFix, go directly and get one of these : AVG, Avira OR Avast are good FREE antivirus.Thanks,tea

6 more replies
Answer Match 49.98%

I have a virus that redirects me after any search I do in Yahoo or Google. I also sometimes get re-directed on regular websites, but not as much as the search engines. I'm connected to my internet through a wireless router. Sometimes I'll connect to my brother's connection, who lives next door, and I won't get directed at all like I do when I'm connected to my connection. I have used AVG, spybot, and microsoft security essentials and nothing comes up on their scans. I just did a scan with Hijack This and this is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:38 PM, on 11/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Suppor... Read more

A:Virus/Malware redirecting me to unwanted websites

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Answer Match 49.98%

Hi. Recently i have been having a problem with google's search engine. When i type in a search and it brings up the results, i click on a result but it only takes me to a different search site. Please help
Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:00 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wirel... Read more

A:Google Search Redirecting from normal websites

7 more replies