Tech Problem Aggregator

Redirecting When Visiting Websites

Q: Redirecting When Visiting Websites

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malware bytes Anti Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 210.212.5.73:3128
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Nublard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: mozilla.org\www
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{BCEB2523-C180-49F6-9F03-212B88E173C6} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRunOnce-x64: [GrpConv] grpconv -o
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
RUnknown 6777473drv;6777473drv; [x]
RUnknown 71366055;71366055; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-5-13 21712]
.
=============== Created Last 30 ================
.
2011-11-19 17:25:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 02:15:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-11-17 02:14:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-17 02:14:59 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-17 02:14:29 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-11-17 02:14:29 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-11-17 02:14:29 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-11-17 02:14:29 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-11-17 02:14:29 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-11-17 02:12:51 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-17 02:12:19 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-17 02:12:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-17 02:12:19 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-17 02:12:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-17 02:11:52 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-11-17 02:11:51 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-11-17 02:11:51 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-11-11 05:13:58 -------- d-----w- C:\Users\Nublard\AppData\Local\Skyrim
2011-11-08 22:28:59 -------- d-----w- C:\ProgramData\Ironclad Games
2011-11-07 02:15:39 -------- d-----w- C:\Program Files (x86)\Stardock
2011-11-07 01:29:27 -------- d-----w- C:\Users\Nublard\AppData\Local\Ironclad Games
2011-11-06 01:18:05 -------- d-----w- C:\Users\Nublard\AppData\Local\Plex Media Server
2011-11-06 01:17:18 -------- d-----w- C:\Program Files (x86)\Plex
2011-11-06 01:05:17 -------- d-----w- C:\Users\Nublard\AppData\Local\Nero
2011-11-06 01:02:52 -------- d-----w- C:\Program Files (x86)\Nero
2011-11-06 01:02:34 -------- d-----w- C:\ProgramData\Nero
.
==================== Find3M ====================
.
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 12:31:29.59 ===============

A: Redirecting When Visiting Websites

Hi,

you mentioned running a number of tools in the beginning, did they all come back clean? I'd be in particular interested in the tdsskiller log.

regards myrti

12 more replies

Quote: Originally Posted by Casuaisxtynine

Really really random bsod's. help please! :<

This is a repost.. I'm sorry for this but I need help

A:BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....

It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums

9 more replies

Really really random bsod's. help please! :<

A:BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck in terms that this only happens when the graphics card doesn't respond either because of a bad driver or the GPU is faulty.

Code:
2: kd> KnL
00 fffff88005a7a1c8 fffff8800414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff88005a7a1d0 fffff8800414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff88005a7a210 fffff8800400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff88005a7a240 fffff8800403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff88005a7a320 fffff88004023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff88005a7a360 fffff88004026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff88005a7a460 fffff880040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff88005a7a4a0 fffff8800402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff88005a7a630 fffff8800402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff88005a7a6a0 fffff8800402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a

8 more replies

We recently added a filter to our computer because of our children. Each week we get a report on sites that we attempted to be opened, but are blocked. There are several, but one in particular is on there all the time and has a high percentage. I am wondering if anyone recognizes it and if it is possible that somehow there is something on our computer that is automatically leading us there. We have not gone to it ever as far as I know.

It is: eserviceds1x.us.dell.com

We have both AdAware SE and Spybots and run them regularly.

Below is our Hi-Jack this latest run:
Logfile of HijackThis v1.98.2
Scan saved at 11:49:24 AM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

A:Websites visited that we aren't visiting??

Hi MNgirl,

2° Create a permanent folder like C:\Program Files\LSP and extract the download zip file into that folder.

3° Log your computer in safe mode (hit F8 many times during booting procedure);

4° Disable your System Restore : have a look to Disabling or enabling Windows XP System Restore ;

5° Close all open windows - it is very important;

6° Run LSPFix : click only the Fix button;

7° Reboot normally and post a new HijackThis log.

3 more replies

I am rephrasing the question to be more specific. I cannot see how my first request was inappropriate. I have not needed to set up a network in years, so I hope someone has the answer to my question.

I am paying for my home internet, and I do not want anyone visiting pron websites. Is their any tool that can alert me if one of my friends is accessing inappropriate material on the website. Someone closed my question before, so I guess knowing how to share their internet histories is NOT the proper answer.

I will not stand for people looking at bad websites, so I hope someone can point me to a decent solution.

A:I need to make sure users are not visiting bad websites

6 more replies

I have a:
Gateway laptop Gateway Laptop
MX6433
AMD Turion 64 mobile
Technology ML-30
1.59 GHz, 448 MB of RAM
Windows XP Media Center edition (service pack 3).

I bought it two years or so ago. Since as long as I can remember I have had this problem.

when I am on my browser (I use chrome, firefox, and IE) my wireless connection will cut out after a while. I have noticed that if I am on just one site (example: Pandora.com) it can be fine for hours. But once I start going to different sites, I eventually get kicked off. It can be any website, Facebook, youtube, etc.

When I lose connectivity, I refresh my wireless connections and only the printer comes up. If I try to right click on the tray icon to repair internet connection, it freezes. I am guessing that this is a hardware problem. (?) Though I'm not extremely technical with computers, I know my way around most issues that can arise.

I have reformatted my hard drive (twice) and all my software is up to date. I have run AVG scan and Ad Aware scan hundreds of times. Can anyone offer assistance? Thank you very much!

More replies

Hey guys,

I have a friend who has an adult filtering program on his computer. I get a daily email with all of the sites his computer goes to. I know that they are not visiting these sites personally, so, there has to be some malware/adware that is causing it. I also learned today that there are a number of popups, probably related to these sites.

The websites are:

Also - it has been running slower as of late.

Thanks for the help.

Jeremy

A:Vista Laptop - visiting certain websites automatically every day

I hate to use the word "Bump," but, I just wanted to send out a reminder....

6 more replies

I've been able to run a few scanners, Avast!, Spybot S&D, AVG, etc- spybot found a few things, and deleted them. The online webscanners like panda and trend micro won't allow me to goto the sites, because whatever the virus is takes me to another site/weberror even if I type it straight into the adress bar. I ran stinger and it found no errors, following is my hijackthis logfile.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:37:14 PM, on 9/15/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spy... Read more

A:Doesn't Allow Visiting Of Anti-spyware Websites

Hello Shoyu,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies

is it safe to visit a website that has been attacked with SQL injection? ..as an example google www.wowyeye.cn www.killwow1.cn and look at the websites that have been compromised by these Chinese domains, if by chance if you surf to a site "taken over" can that website with the attack host files be downloaded to your browser?

A:visiting Compromised websites -SQL Injection ATTACKS

6 more replies

As the title states, after visiting some potentially dangerous websites, my laptop is acting a little strange. I'm concerned that a trojan virus or the like may be capturing my data/passwords. I would greatly appreciate any assistance! Below is my generated  FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Oracle (administrator) on ORACLE-PC (06-06-2016 15:14:36)
Running from C:\Users\Oracle\Desktop
Loaded Profiles: Oracle & UpdatusUser (Available Profiles: Oracle & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

A:Suspicious behaviour on laptop after visiting questionable websites

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Remove this program via the Control Panel > Programs > Programs and Features applet.Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION

0 more replies

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so faris outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/

All browsers are affected and seems to be triggered mostly by stream2watch.com but is not limited to there as I get the message randomly on other sites (ESPN, CNN, Bleeping computer included)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by justin (administrator) on ROCKHOUSE-PC (20-09-2015 05:23:17)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Codebox Software) C:\Program Files (x86)\C... Read more

A:Possible malware informs me to contact ISP when Visiting websites to remove it

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe &... Read more

16 more replies

OS = Windows 10, effects all browsers used (slimbrowser, slimjet, IE11, Firefox w/noscript running, Chrome, Opera, these are the only ones i tried)

When browsing to a website (typically seems to be stream2watch) but others randomly trigger a message that informs me to call my ISP to remove malware, and a fake blue screen error withing a browser windows behind that. This can only be terminated by ending the task within task manager. ALT+F4 does nothing, just sends it repeating.

I have Secure A Plus running along with Superantispyware, both have run a full scan and to no avail minus piddly tracking cookies in SAS. ADW cleaner also has been run after the fact. No repeat customer seem to appear.

I have a screen capture if you would like to see it, and hope to get this resolved, it gets very irritating. Thank you

A:Possible malware informs me to contact ISP when Visiting websites to remove it

20 more replies

My operating system is Windows Vista, and I use Google Chrome. Several times, I will type in the address of a website (e.g. www.amazon.com) and I get another one altogether (e.g. www.walletpop.com). I'm not sure where the problem is. Has anyone tracked this down? Is it with my ISP, or my router, or my computer? Is this a virus, or other malware, or what? Any idea how to fix it?

Any help is very appreciated. Thank you.

-Nicholas Dwork

A:Websites Redirecting

Hi there

With the issues that you describe, I recommend that you follow our instructions for malware removal help which can be found here - NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply from a helper - it may take a few days.

1 more replies

Hi! I am in need of serious help becuase i think im infected with something but dont know. Every time i try to click on a link i am redirected to all these ad websites and random search engines. I downloaded Hijack and here is the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:58:38 PM, on 8/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:38:48 PM, on 8/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exeC:\Program Files\Lexmark 2300 Series\ezprint.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Common Files\Real\Update_OB\... Read more

A:Redirecting Websites (NEED SERIOUS HELP!!)

2 more replies

Hi there, google keeps directing me to other websites when I click on the results. Was using firefox, now that doesnt work at all now using chrome, and uninstalled ie. If you see any other suspicious progs lemme know as I downloaded something a while ago which wasnt good.
Problems with gmer are: when i first open it it says could not load driver as an instance is already running, then i carried on anyway with most the boxes being unable to be checked then after three quarters of an hour it says no system modifications are present. Comps also slowed alot....
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Mikel at 16:15:07 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1565 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe

A:Redirecting to other websites

Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

3 more replies

Hello, I'm new to this website. The reason I'm posting is because everytime I do a google search (or a yahoo search) I get my results, but when I click on something, it redirects me to another website. They're usually the same website, but sometimes others come up as well. I don't know a lot about computers, so you're going to have to tell me what I need to tell you so you can help me. I have Norton, but as I'm finding out on these forums, it's not very helpful. I tried running malwarebytes and it found one thing which I deleted, but it hasn't solved the problem. I don't know what else to do, so hopefully someone can help me out.

A:Redirecting to other websites

Start a new topic in the Secuirty Forum - I'm I infected? What do I do?

6 more replies

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:38:46 PM, on 7/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Z\AppData\Roaming\dwm.exe
C:\Users\Z\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwl... Read more

A:Websites redirecting

13 more replies

Hi guys, to start off, I'll tell you what this virus/trojan or whatever does. When I search something up on a search engine and click on the link of a result, it takes me to some random website. A common website is stop-spyware.net. I can't X out of Mozilla and I must ctrl+alt+del to close out Mozilla. Other websites include: aranet.org, bashfr.com, bookcrosser.com, casasa.com, condea.com, and toseeka.com. Another problem is that every time I try to run RootRepeal, my computer crashes and restarts on me. It shows a blue screen quickly with letters and numbers on it and then crashes. On restart it simply says, "System has recovered from a serious error." I only got this virus/trojan after I let my nephew use my computer. Sorry that I wasnt able to attach the Ark.txt, I kept crashing while running it as posted above.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ahsan at 14:45:38.26 on Thu 08/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.564 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs

A:Redirecting websites!

2 more replies

I've run numerous programs, AVG, Malware, Avant, Spyware Doctor, to no avail. Please help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:35:00 PM, on 8/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\Timoun... Read more

A:Redirecting to websites!

7 more replies

I'm randomly getting web page redirects, even from this site.

I ran Microsoft Security Essentials. It found, and supposedly removed three viruses:
Trojan.Win32/alureon.CT
Trojan.JAVA/Selace.M
Exploit.JAVA/CUE-2008-5353.c

Malewarebytes found nothing.

I'm still getting web pages redirected.

I'm running Windows 7 operating system. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:38:14 PM, on 3/7/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ... Read more

More replies

I'm running a Windows XP and have encountered the above problem. Clicking on a page I'm currently on and out of nowhere I get redirected.

I have been having 'reminders' from adobe to update my flash, well yesterday I downloaded new software from said Adobe. As soon as this was installed, the redirecting me other other websites and also pop ups started.

I have since then, run my virus protection, all areas scanned, all drives individually  C:\  F:\  G:\
All programs installed on that date are uninstalled. I've run computer in safe mode and I'm still experiencing the problem.

Also I have to add I did check this forum out earlier for advice and followed a few things to download and try but I can't be specific of what I tried. Anyway, problem still here :-(

Please could someone give step by step advice on what to do?

Many thanks
Becky

6. Lastly, before hitting that POST button, take the time to read what you are posting from the point of view of someone trying to help and ask yourself, "is this as clear as I can make it?" When your problem is resolved, remember to add a final reply letting everyone know what worked; this effectively closes the thread as well as validates the solution offered.

A:Pop up redirecting me to other websites.

21 more replies

Hi

Internet Explorer is constantly redirectly to websites.
Windows 7 - HP Pentium Laptop
Sometimes it tells me it is unable to open websites for no apparent reason.
I ran DDS but am unable to run GMER. I downloaded it and extracted it but I can't do anything to it when the screen opens (will not let me check or uncheck any boxes in the window)

Here is my DDS LOG

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by maggie at 14:56:57.67 on Tue 01/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1224 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

A:IE is redirecting and pop up websites

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

31 more replies

When I search for websites using IE explorer and click on a result it redirects me to a spam type site such as find.stuff. com. Sometimes it even takes bookmarked sites that I have bben using for years and redirects/hijacks them. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:45 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

A:Need Help- Redirecting websites

8 more replies

Recently, I have been getting redirected to random websites when I click on Google search results. I tried twice to run GMER, but my system crashed.

I have a IBM Thinkpad, which I believe has the Windows install included. I do not have a separate install disc.

Here is DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Julieta at 12:18:10.03 on Sun 02/13/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Business 6.0.6002.2.1252.1.1033.18.2006.724 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe

A:Redirecting to random websites

I think I have solved the problem.

2 more replies

Hi All, I am currently having a problem on my laptop, when I enter
http://facebooklikes.com (my domain hosted on a reseller account through Hostgator)
into my browser it gets redirected to a page operated by Searchdiscovered.com , if I try to access http://facebooklikes.com on my desktop it goes to the correct site which is a new wordpress installation I recently made. I also deleted my facebooklikes.com account with hostgator and then re-opened it creating a new cpanel access and new database with wordpress install. The reason I did this is I had also been experiencing an intermittent
scripting problem where my websites would have new php files created and permissions changed to 777 on index.php files which would prevent my sites from loading properly.
My main issue now is figuring out why only my laptop is affected by the redirect to searchdiscovered,com pages when I try to access my http://facebooklikes.com site.

here is my info, Thanks Jeff

Laptop info

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 111348 MB, Free - 69864 MB;
Motherboard: Dell Inc., 0KY767, , .FLD1VF1.CN4864383A1025.
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

A:redirecting problem with one of my websites

still need help, July 18

1 more replies

Hi,I am having issues with my web browsers redirecting to various websites. I mainly use fixefox, but this is also happening with Internet Explorer. I also have Google Crome installed, which cannot bring up pages at all since the problem started.I have added the DDS report, and attached the "attach.txt" file. I have not managed to complete a GMER scan, as each time I have run it, the computer has rebooted, and once I got a blue screen with error "PAGE_FAULT_IN_NONPAGED_AREA pwldapow.sys - address B2B37C3E base at B2B37000, Datestamp 4b274f8d.Your help in resolving this issue would be greatly appreciated.Regards,Bryan. DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 21:05:37.42 on Mon 04/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1007.484 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\Common File... Read more

A:browser redirecting to various websites

20 more replies

Hello,

I noticed windows defender (dident even know it was running) advised me i had a 'back door' virus yesterday, i followed the instructions to removed the file and send it to microsoft, i then attempted to download Malwarebytes (www.malwarebytes.org/) and get the following error "The requested URL /lp/malware_lp?gclid=CNib4_rA27ECFVBIpgodNlwA6Q was not found on this server. That?s all we know." or i immedeatly get redirected to gooles homepage (my homepage) if i type in the address www.malwarebytes.org.

I then read the posting guild on bleeping computer and attempted to download defogger and i get the same type of error a google page saying their is no type of file.

A:Redirecting select websites

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies

Hi,Im having trouble with google links that are directing me to random pages, i've run combofix and got the following report.. any help would be greatly appreciatedComboFix 10-05-29.05 - Darren & Clare 30/05/2010 10:30:38.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.563 [GMT 1:00]Running from: c:\documents and settings\Darren & Clare\Desktop\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Darren & Clare\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnkc:\documents and settings\Darren & Clare\Application Data\Ophiac:\documents and settings\Darren & Clare\Application Data\Ophia\neozo.exec:\documents and settings\Darren & Clare\Start Menu\Internet Security 2010.lnkc:\documents and settings\Darren & Clare\Systemc:\documents and settings\Darren & Clare\System\win_qs8.jqxc:\program files\InternetSecurity2010c:\windows\system32\11478.exec:\windows\system32\15724.exec:\windows\system32\16827.exec:\windows\system32\18467.exec:\windows\system32\19169.exec... Read more

2 more replies

Hello dscm,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies

Hi , my browser keeps redirecting me to other websites. i got a little info on how i may resolve this issue.

1 install highjack this
2 installed
3.scan
4 copy log
5. find some one to read and indeftify problems in this log..

so here is the log if anyone can help I would really appreciate it!!!!!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:15 AM, on 9/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

A:need help .. my browser keeps redirecting me to other websites

12 more replies

Just this morning I noticed that my browsers (usually Firefox, though I tried IE too) are automatically redirecting most of my webclicks to random websites and not working properly. I've been running my machine, a new Lenovo with Vista Home Premium with Symantec Anti-Virus and Windows Defender. After seeing the problem today, I tried installing Spyboy, Adaware and Malwarebytes and none would work properly. Adaware installed but I couldn't update it--I ran it as is and found a few cookies but nothing major. Malwarebytes seemed to install but when I clicked to open the application nothing happens. And Spybot wouldn't install at all.

I'm currently booted in safemode where I tried again and failed. I hope that's not a problem for the DDS files:

Any help would be greatly appreciated!!

David

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by David at 16:07:38.49 on Sun 04/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2519.1714 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

A:Websites are redirecting from what I click on

2 more replies

When I go to a website, typically using Google or Yahoo search engines, I am getting redirected to ad websites. Most times it just redirects my current IE Window but sometimes it will open a new window for the ad. It sounds exactly like what this person was going through:http://www.bleepingcomputer.com/forums/t/272327/search-engines-redirecting-to-random-websites/I have tried doing scans with Malwarebytes, Ad-Aware, SUPERAntiSpyware, SDFix, VundoFix, among others and nothing seems to work. It looks like you helped the person in the forum above so I am hoping you can help me as well. Thank you very much for your help.Here is the DDS log and I have attached the Attach.txt log and the Ark.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Kevin at 19:13:03.95 on Tue 12/01/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1232 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\CTsvcCDA.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\runservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDOWS\system32\nvsvc32.ex... Read more

A:Random redirecting of Websites

6 more replies

This is happening both on IE7 and FF3. Thanks in advance for any help.
HJThis log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:49 PM, on 8/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\V0230Mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

More replies

In Firefox and Internet Explorer on my desktop, any time I try to go to www.weather.com or www.espn.com I am redirected to Google.

I cleaned up the cookies and all the temp files. I'm not sure where else to look. Any ideas?

6 more replies

Ok, this is my first time posting so here we go:

The problem started with a slow computer which eventually turned into redirecting websites through internet explorer and mozilla firefox. What would happen is I would go search for something at yahoo.com or google.com and it would redirect me to anti virus websites and adware. So, I downloaded ad-aware and it really didn't do anything for me. I eventually took it to my buddy at geek squad and he removed almost 9 viruses from my system. Got the computer back, everything worked perfectly. I now have trend micro internet security. I did a system scan and it found 2 adware problems, and Pac Generic. AWESOME! Grr...So, I removed all the issues, uninstalled mozilla firefox and deleted internet explorer. I am now using Safari by Apple as my internet. I have no redirecting issues with this now but I want mozilla firefox back. Trend Micro isn't picking up any problems in windows mode or safe mode. Someone PLEASE help...?!!?!
Below is my system info and my hijack this log...

System Information:

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name KOSOBUDNFAMILY
System Manufacturer HP Pavilion 061
System Model PP164AA-ABA a810n
System Type X86-based PC
Processor x86 Family 15 Model 12 Stepping 0 AuthenticAMD ~2411 Mhz
BIOS Version/Date Phoenix Technologies, LTD 3.07, 1/10/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS

A:Viruses and Redirecting Websites....HELP

I also downloaded ATF Cleaner and Malwarebytes' Anti-Malware recently and did a scan. It found 3 items and deleted them..one trojan...another having to do with the search bar dealing with the internet and one adware item. So, I downloaded mozilla firefox again..and my search engines were fine for about...a day..then...the same stuff. Redirection to antivirus websites when searching in google, or yahoo. Any ideas anyone???? i dont want to have to reconfigure my hard drive....or go to a system restore..there has to be a way

3 more replies

Hello,

I posted this post a couple of weeks ago but didn't change my settings so I never received notification that you replied and the topic is now closed. Apologies for that.
I followed the instructions and ran DDS.

The redirecting issue happens no matter what browser I use (IE and Firefox).
Your help would be greatly appreciated.

Thanks,
Matt

Here is the paste of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Matteo at 12:09:10 on 2013-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.914 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

A:Google keeps redirecting to other websites

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

16 more replies

I have ran AVG, Super Antispyware, and Ad-aware. It isn't catching anything, but IE is taking me to other websites. I bring up yahoo.com and if I search for anything it takes me to many random sites like viagra.com and momversation.com Can anyone help me?

Thanks so much!

Shay

A:Virus is redirecting IE to other websites

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by zaynab at 12:03:34 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5884.4075 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe

More replies

I am running vista Business. Kasperski 12.0.0.374 as my anti-virus. on a Toshiba laptop that is a few years old. Kasperski started complaining about Heur:Trojan.Win32.Generic in c:\windows\system32\drivers\tdx.sys which it was unable to disinfect. at some point after this i noted that webpages would randomly go to places i did not direct them to "some sort of proxy or redirect" I attempted to run MalwareBytes and it didn't seem to detect anything. Before reading the instructions for this forum i ran a copy of Combofix, hopefully that will not screw up the process. attached is both dds logs and gmer logThank you in advance for any help you can give. Steven LambEdit: Moved topic from Vista to the more appropriate forum. ~ Animal

A:Websites Randomly redirecting

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

50 more replies

The websites I click on redirect to other sites. I've used spybot, spyware doctor, malwarebytes and nothing works. I downloaded HijackThis and I think I found the problem. When I checked the boxes to fix them they still didn't go away. Here is the logfile from HijackThis I hope someone can help because this is driving me crazy trying to figure out.Thank You,PJSPJSLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:59:01 PM, on 6/18/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Common Files\AOL\1238830345\ee\AOLSoftware.exeC:\Program Files\Lexmark 5000 Series\lxdmmon.exeC:\Program Files\Lexmark 5000 Series\lxdmamon.exeC:\Program Files\Real\RealPlayer&... Read more

A:Websites redirecting - malware

2 more replies

sorry such a rude first post, I normally introduce myself, but it has taken me forever just to get to this place due to the fact that I keep getting redirected to search sites. I've ran malwarebytes (latest update) but it doesn't get rid of the rootkit when i restart my system. (just FYI i got this nasty bug from wwtdd.com) I am unsure of what i can do next, and i don' want to do a complete system restore...I just did one last week, and I'm unsure of trying to use combofix, as I've never used it before. Any help would be greatly appreciated!Update- I've also ran Spybot Search and Destroy, which did get rid of some stuff, and things are running faster, however, I'm still being redirected to 'thefeedyard' and other search sites.

A:'thefeedyard' redirecting websites.

Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

9 more replies

Hey everybody, thank you for helping me out. Recently I have found that google redirects to other websites than websites I intended to go to and Malwarebyte's Anti-Malware is blocked from running unless mbam.exe is renamed to something else. In the past I have just run Spybot or Combofix and that always fixed the problem, but this time nothing has worked. I have ran Spybot, Combofix, SUPERAntiSpyware, and Malwarebyte's Anti-Malware to no effect. I have searched around the net I believe that this is a fairly new virus so I haven't seen any solutions to this yet. Here is a log from Malwarebyte's Anti-Malware after it had supposedly removed the files that seem to be the source of the problem, unfortunately this problem still pervades. If you need a HijackThis log please just ask; here is a similar problem with one: http://forums.techguy.org/malware-removal-hijackthis-logs/904477-links-google-redirecting.html.

Code:

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

3/17/2010 10:27:51 PM
mbam-log-2010-03-17 (22-27-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 300996
Time elapsed: 2 hour(s), 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

More replies

I am working on my bosses wifes computer and it is infected with a redirector that is using BNVDRS.COM as the website.

I tried running Malware bytes and TDSkiller and a couple other tools that were discussed in other discussions. But to no avail.

I am thinking we are going to have to do this step by step and I do not know what I am looking for in the logs.

Any help would be greatly appreaciated.

Russell Fosberg

A:BNVDRS.com is redirecting me to websites

1 more replies

I think I have been hit with malware. I click on google search links and i keep getting directed to various random sites (TheAdMagnet, LocalBuzz, FoodPuma, SureBaby, et. al).
I deleted the software i thought was the culprit, some apple/mac GUI transformation pack. I have tried to to a clean install of windows but I am missing some files and can't complete it. Also, on hijack this, I get an error message (see photo link below). MalWareBytes found nothing either.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:54 PM, on 11/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

More replies

Hi,

I'm currently running Windows XP Pro, SP3. The install is fairly fresh, but I believe I've caught something bad.

I ran Malwarebytes' Anti-Malware and nothing was found.

Could someone please assist me in fixing this non-sense?

Thank you.

Hello these next.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run ... Read more

5 more replies

I clicked on a Spam link and I got infected by a UKash ransomware. I have K7 installed and it did not identify it. I googled for help and scanned the system with Malware Bytes and it detected and removed the ransomware.

However, I keep getting notifications saying that Malware bytes blocked outgoing traffic to 195.88.209.15. I can also see "IP-BLOCK 195.88.209.15 (Type: outgoing)" in the log.

Moreover, when I try to surf the internet it gets randomly redirected to random websites. I ran both rkill and tdsskiller - both did not detect anything. I tried running combofix against the advice given in this forum as I was very desperate to get my laptop cleaned (Sorry!!).

The DSS.txt content is below. Any help on this is much appreciated. I am a student and I am in the middle of preparing my university thesis, so the sooner I can get my laptop clean the better it will be for me.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Dell at 17:52:05 on 2012-12-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2997.1422 [GMT 0:00]
.
AV: K7TotalSecurity *Enabled/Updated* {96053243-D4B1-7CB4-BBA0-4BFBC0A5A129}
SP: K7TotalSecurity *Enabled/Updated* {2D64D3A7-F28B-733A-8110-7089BB22EB94}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: K7TotalSecurity *Enabled* {AE3EB366-9EDE-7DEC-90FF-E2CE3E76E652}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe

A:HELP needed - Websites keep redirecting

I did attach the attach.txt file in the previous post, but I couldn't see it in the post. So attaching it here again.

P.S.: bleepingcomputer.com get redirected most of the time so posting this from another machine. Thanks in advance for the help!

19 more replies

Hi,

I have a dell laptop running windows 7, 64 bit. A few weeks ago I tried to download the new version of internet explorer. While installing, something else popped up to install and I clicked yes. McAfee said it had detected alueron and then the computer carked it. I used the Dell emergency backup and restore tool to wipe the computer, however I now have issues with websites redirecting. This occurs in both internet explorer and firefox. I've tried a few different programs to remove what is causing this (AVG, malwarebytes, ad-aware, emisoft) with no success. Any help you would be able to give me would be much appreciated. DDS text is below and attached.

Thanks.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Companion Cube at 20:51:08 on 2011-08-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3957.2682 [GMT 10:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

A:Alueron, now websites redirecting

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Fir... Read more

15 more replies

I am running Windows 7 premium and Lavasoft Ad-Adware protection.I have used Malwarebyes without success. I do a complete scan everyday and get 5 to 180 traces every scan. These are usually cookies. I am unable to reset my IE9 to original default. So I was directed to you folks by Microsoft Community since all the remediesthey suggested and I tried didn't solve the problem. Google Chrome is my default browser and of course Bing comes with MSN--my home page. HELPEdit: Moved topic from Introductions to the more appropriate forum. ~ Animal

More replies

hello , my computer has been acting wierd latly whenever i go to click on a website it always takes me to pages i didnt even want to go to . i looked this up on the internet and found it was a browser hijacker and i was recommended to use hijackthis so i have and i dont know what to get rid of...i was told to paste my scan log to a website where people who no far more than me could tell me what is safe to delete and what i should keep

so heres my log hope you can help me , if not i whould love if someone could give me a alternative solution ...thanks

A:My computer keeps redirecting me to websites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:56:55, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

10 more replies

Hi there, I was using chrome for a while, but it's started playing up and redirecting me to wrong websites, like when I've went on the google chrome extensions page from google search it redirects me usually to the google homepage, but sometimes it takes me to this other website, I think something to do with security. Before everything was fine but it then it said google was using a weak algorithm and something to so with a certificate, I'm sorry I'm a little vague because I forgot what it said. I'm not sure if other things are happening on opera, but not long ago I came across a thing i couldn't get out of which was saying I was blocked from the internet because of copyright!

I also uninstalled chrome to see if it worked, but it didn't and I also uninstalled mozilla as well and download them again to see if it worked. but nothing happened.

Also, what free antivirus thing should I get? I can't believe I haven't gotten one sooner, if I had I bet I wouldn't of even gotten into this mess, but I've learnt from it and I'll make sure it'll never happen again.

EDIT: I guess the security error from chrome only pops up occasionally, here is what it says:
The site's security certificate is signed using a weak signature algorithm!
You attempted to reach chrome.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server... Read more

A:Chrome Redirecting Me To Other Websites

Run a full scan with Microsoft Security Essentials and Malwarebytes Anti-Malware.

Malwarebytes is free, just Decline trial version when installing.

8 more replies

Hey guys, so ill get straight to the point. im all of a sudden being blocked from websites that i used to visit with no problems. ill google a website, (ie glocktalk.com) click the link and it will redirect me to a website called blocked-website.com where it says:

Sorry, but glocktalk.com is blocked on this network.
This site was categorized in: Weapons, Forums/Message boards

An exclusive network of highly successful Investment Advisors

www.nfpasg.com

Daily Penny Stock Picks

This Stock Will Explode

www.PennyStockCircle.com

8% Annual Annuity Return
Get Guaranteed Lifetime Income and Reduced Risks to Retirees All Here.

i tried superantispyware, malewarebytes, cc cleaner, avira all failed. any help would be great.

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:08 PM, on 3/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series&... Read more

A:blocked from websites redirecting

i also just tried accessing the same site on a different computer on my network and its still being blocked.

4 more replies

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

A:browser links redirecting me to other websites

I think I have some type of virus. I run on windows 7. Every time I am on my browser both Internet explorer and Mozilla I click on a results link and I am redirected to a completely different site. I have already ran Malwarebytes and nothing was found . What can I do to fix this?

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:39 PM, on 6/11/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mighty Magoo\mightymagoo32.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plu... Read more

10 more replies

I don't know what happened. 1st I got some kind of windows defender thing and I didn't click on it. Then I system restore and nothing changed.Now when I google and click on the subject, my browser opens some unknown place. Firefox also refreshes tabs by them selves and opensto an unknown websites. I have AVG and I have run Spy Bot and SuperAnti spyware, they found nothing.I did the DDS. This is driving me crazy. I appreciate any and all help I can get.Thank you!

A:browser is redirecting to unknown websites

2 more replies

This comes up whenever I try to go to the Windows Compatibility Center site:
https://www.microsoft.com/en-us/windows
but that is not the compatibility center, and I use Windows 7 HP 64 bit so it does not apply to me at all.

Has the compatibility center page been taken down, or is there a way to navigate to it from the above page please??

More replies

More replies

I ran supermalwarebytes and avast before finding this forum. It kept finding threats and said they were deleted , but they are still there after I reboot. The foreign processes that are running can not be found in their filepath even after I have checked that my settings say to show hidden folders. Please help me remove this virus, etc....Below is the DDS file and I attached the other requested files, however the GMER program only let me check the (services, regestries, files from c:) because the other boxes were shaded and unavailable. I tried GMER twice with the same results...Thanks for helping me!!

DDS File

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Angela at 11:50:38.19 on Mon 04/11/2011
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2531 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.

A:Websites redirecting and can't delete processes

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies

Hello,
I am using Windows 7, and am having redirect problems that I believe are caused by a root ransomware virus.
The problem began with redirects to Interpol and Italian police ransomware sites (I am an American in Italy). Not all sites redirected at first though, and eventually Malewarebytes and Avast were able to locate and quarantine some files.

But the problem has not gone away. The only sites I can access are major ones (nfl.com, cnn.com, youtube.com, etc., avast's website, google sites, etc.) Any smaller websites (atlantic.com, huffingtonpost.com, etc.) get redirected. At the moment, the redirects on Internet Explorer go to a graphic "dating" website, which can be closed down easily. On Firefox, the "Interpol" site still comes up, though Avast tends to stop it and quarantine it before it causes any harm. Nevertheless, I still can't go on the site. I am using Chrome without Javascript to figure out what to do (how I am using this site right now, which would redirect otherwise). So whatever it is, it functions off of Javascript.

The real problem is that whatever is messing with my internet is on my computer, and is not being found. I'm constantly running scans through Avast, Malewarebytes, and now AdwCleaner. Each one at one time or another has found problematic files, but nothing has eliminated whatever is causing the problem. And the great majority of scans say nothing is wrong, which is patently not the case.

On one hand, the problem does not seem to be very serie... Read more

A:Websites redirecting, scans find nothing

Didn't mean for that to be a giant block. I had paragraphs, but I am forced to not use Javascript in order to use this site, which I think caused that rather unseemly mess.

1 more replies

I've multiple antivirus/malware programs on my computer as I've been following another set of instructions to try and remove this. Nothing's working. When I search for anything pertaining to "google redirect virus", when I click on a few random results, I'm redirected to sites such as couponmountain.com. Here's my log. Thanks in advance~
DDS (Ver_09-06-26.01) - NTFSx86
Run by Edgeyworthy at 18:55:49.78 on Mon 07/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.476 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1335 [VPS 090720-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe

2 more replies

Hi guys, great forum! The last couple of days my google searches have been redirecting me to websites like heavy.com and referenco.com...I have googled my problem and by the looks of it my browser has been hacked (whatever that means!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:24, on 21/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

A:google results redirecting me to different websites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

2 more replies

This is not my computer so I have limited information as to the activities that led up to this infection, but I have only been able to access maybe five or six websites at ALL on her computer. Often, even if a page does load, it skips to another page for no apparent reason. I was loading a google search, and it jumped to craigslist. Then it opened up a weight loss website and gave me some popups telling me I need to download an anti-virus program I had never heard of. (I wish I had written down the url it tried to direct me to, because I have not seen said popup again).Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:18:43 AM, on 7/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\cisvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\Exp... Read more

A:Worm Redirecting/blocking Websites

2 more replies

Hello all. I am new to this forum. In the recent days, my C Drive has been filling itself. I was also getting redirected to some random websites. I looked up for many guides and some forums on Bleepingcomputer. I followed this post/page.
http://www.bleepingcomputer.com/forums/t/483583/virus-causing-hdd-to-become-completely-full/
i know i shouldn't have done that and i'm sorry for this. I downloaded all the softwares mentioned in the above link. I ran ADwCleaner. I also ran roguekiller and combofix (again. i shouldn't have done that without experts' help.). I also ran TDSSkiller. After that i ran aswMBR and it crashed in the middle. Then i ran CCleaner. After that a scan with Malwarebytes. A few threats popped up, but most of them were trainers. I removed all of them. Now after rebooting the computer, i noticed that the problem of C Drive filling itself up still exists. I also ran OTL. I would love it if anyone will be able to guide me on what to do now. I know i f'ed it up, but i didn't know that i shouldn't have done all that. :/
P.S. I have Windows 7 ultimate 64 bit service pack 1 and Kaspersky internet security 2015 with malwarebytes and CCleaner installed.
After doing all of this, i followed the guide at
http://malwaretips.com/blogs/malware-removal-guide-for-windows/
C drive went from 5GB to 24.7 GB.
It reduced to 24.6 GB and now that website redirecting bleep is happening again. My ram usage is also 46% for no reason at all. (i have 8 GB ram)
Any help would ... Read more

A:C drive filling itself and redirecting to different websites.

24 more replies

I am using Windows XP on my laptop.

I got infected by trojan horses from downloading a file on Limewire a week ago. On the next day, my Firefox would not connect on the internet (Connection interrupted) but was able to go on the net on Internet Explorer. Used Malwarebytes (which caught a bunch of infected files which were deleted and quarantined successfully) to reestablish the Firefox connection.

Now I have redirecting issues despite using SuperAntiSpyware, Spybot:S&D (caught the trojanC and Microsoft.Windows.SecurityCenter.Firewallbypass) and AVG (Which caught the infected file from limewire but I had already deleted them: Trojan Horse SHeur2.BNPZ/BNPX/BNMQ/BNLQ/BONB. There are two files of Trojan horse SHeur2.BONB in C:\RECYCLER... and C:\System Volume Information\_restore\...). In an effort to minimize the problem, I used the NoScript add-on of Firefox and downloaded SpywareBlaster. Can anybody help me solve my problem? Thank you for your time.

Here's the first log I had using Malwarebytes on October 30 (Note: I installed Malwarebytes on October 30 and did not change the name of the file to zztoy.exe before installing it, if that's relevant):

Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 2

10/30/2009 11:10:17 PM
mbam-log-2009-10-30 (23-10-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 250146
Time elapsed: 2 hour(s), 4 minute(s), 35 second(s)

Memory Processes Infected: 0

(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Change settings... Read more

8 more replies

A:Redirecting websites and missing IEXPLORER.EXE

It should be IEXPLORE.EXE, not IEXPLORER, sorry.

14 more replies

Tries running Malware bytes, HJThis and nothing... Any help would be good.

-Thanks
Panama

A:Malware redirecting websites from google help.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

2 more replies

I have a virus on my computer that keeps taking me to random websites that I never visited before. I am running Windows XP on a fairly old PC. I tried virus scans, ad-aware scans, and still no luck, even did a system restore twice reformatting my computer and it still didn't work. The reason is the virus has got in my system recovery hard drive (D) which is the second hard drive on my computer aside from (C) which is my main drive. Whenever I do a system recovery the virus comes along. Any tips on how to get rid of this thing, I don't care about having to do another format, anything as long as I can get rid of this thing. I want to format the (D) drive as well but it is the drive with the system recovery files and I don't have them on CD or anything.

HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:16 AM, on 3/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.... Read more

A:Virus redirecting to random websites

Edit/Bump Thread, I'm sorry I should have read the sticky at the top of the forums before starting this thread, I left out some of the log files. I have included all that has been asked, thank you for taking the time to check out this problem. I couldn't attach the ark.txt file because I am having problems with my browser thanks to the virus on my computer, so instead I uploaded it to sendspace.com, I hope this is not a problem, once again thank you for taking the time to help me out.

1 more replies

I'm finding that I'm getting randomly redirected to other websites off of google searches. In other words, clicking the results from a google search sometimes redirects me to some unwanted website (this is using the Firefox browser). I'm also finding internet browsing to be much slower than usual. Spybot and MBAM scans have come up clean.

Thanks in advance for any insights.

More replies

2 more replies

When clicking I click on links on google the page redirects to various search pages and not to the original url. Also, I have been getting pop-ups lately if that helps.

DDS (Version 1.0) - NTFSx86
Run by hayat at 0:17:58.99 on 28/11/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.3006.1747 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe

A:Google Redirecting To Other Websites; Constant Pop-Ups

Hello m.ali and welcome,

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

15 more replies

Can anyone help with this issue? Thanks.

Sites like safecompare.com, etc.

I am using IE and Windows XP

A:Help - Searches redirecting to strange websites

Anyone? Could this be the TDL3?

6 more replies

I've wasted much of this weekend trying to remove this thing from a home computer. Not sure how it was downloaded, since the kids and my wife mainly use it. I have run malware multiple times in safe mode (full scans). It removes several files, but on restart, the problem returns. I have cleaned the LAN settings from redirecting firefox and IE, but any search results you click on get redirected to random sites and some sites (e.g., gmail.com) cannot be accessed at all. I hope the creators of this are prepared for their long and hot afterlife. Thanks for your help. See the attached DDS and GMER files. I ran these in safe mode. I also ran TDSSKiller (as seen on some other threads), but it returned clean.

A:redirecting websites - gala virus

After posting this, I tried yet another search for solutions (on another computer). This one from a google group seems to have fixed it:
- Open the Start menu, then select Run...
- In the blank next to Open, type "c:\windows\system32\drivers\etc" without the quotes, then hit OK.
- Select the Tools menu (toward the top, between Favorites and Help)
- Select Folder Options in the Tools menu, then click the View tab
- Under Advanced Settings, select the radio button beside "Show hidden files and folders"
- Uncheck the box next to "Hide protected operating system files..."
- A warning window will appear, select Yes, then hit OK
- Right-click the file named "hosts" and select Properties.
- Under the General tab, uncheck the box next to Read-only (if it is blank, leave it as is).
- Hit OK.
- Right-click the file named "hosts" again and select Open-With?
- In the Programs list, select Notepad, then hit OK
- Delete everything in the Notepad windows except ?127.0.0.1 localhost?
- Hit File, then Save, then exit Notepad

2 more replies

Hello, I hope someone can help me identify the perpetrator based on my HijackThis log (see attached). Certain websites that require a log in (bank websites & ebay in particular) redirect my browser to a phishing page that looks exactly like the bank or ebay website. Thank you for the help! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:58:38 PM, on 8/21/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkU... Read more

A:Browser Redirecting To Phishing Websites

1 more replies

Hello, I've been having issues with Viruses or Malware for a few weeks. I've tried everything I can think of, but for the life of me I've been unable to find the culprit files. I have Avast! antivirus, and Zonealarm firewall. I scanned with Malwarebytes, and Avast -sometimes they come back with detections, sometimes they come back with clean record but I still get redirected.Some of the websites that I am redirected to, were harmless going to random websites such as Sprint.com or other vendor websites (Monster Marketplace etc).Lately they've been getting worse, now opening programs such as Windows Media Player and trying to play a file. After Windows Media Player opened, instantly Zonealarm came up and it said a file (nmo.exe?) was trying to connect to the internet. (I'm guessing it was a Trojan.) I denied it access. I have the IP and some of the code that was visible on the website that downloaded the file.After a Malwarebytes scan, some random files had been infected. I removed the files, and rebooted.. and then the computer was unable to open any .exe file lol. (I think RunDLL32.exe was deleted in the cleaning process.) But I worked it out and can open .exe files again.So as you can tell I've been jumping thru hoops trying to clean this, but finally posting for help. Thanks in advance!.DDS (Ver_11-03-05.01) - NTFSx86 Run by Owner at 18:38:56.54 on Tue 03/29/2011Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17Microsoft W... Read more

A:Google redirecting to Trojan and other websites

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don... Read more

2 more replies

Whenever I use google to search for something, clicking on any link often redirects me to another search engine. (ex. hxxp://www.thesalespace.com/search-results.aspx?keywords=banana when searching banana) This doesn't always happen, but when it does it will redirect 4 or more times before going to the desired website. Occasionally it will open a new tab randomly, generally to a google site with /webhp at the end of the address. I do not know the source of the infection, as none of my malware or virus detecting software finds anything. I use Avira AntiVir and SuperAnitSpyware, both free editions.DDS (Ver_10-10-05.01) - NTFSx86 Run by Dan at 12:19:21.15 on 08/10/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3070.2064 [GMT -5:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\... Read more

A:Google Redirecting and opening other websites

14 more replies

Hello, sometime during the past week or so, my laptop contracted a bug. (I'm currently using my desktop to post information to this forum.)

On the laptop, I am running Windows XP Professional (Version 5.1 - SP3). I am unable to go online using Internet Explorer 7. The laptop is running (all programs) very slow. I have access to a Windows Install Disc.

Thank you in advance for the help.
Carol

Here are the log files from my laptop:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Carol at 21:16:01 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.67 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe

Hello and welcome to TSF. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies

Hi,

I am requesting assistance in removing possible spyware on my machine. Whenever I go to a website to do a virus scan check, I get redirected to another website that is no relation to a virus scan.

Please see my hijack this log and advise what is causing the redirects to occur.

I tried following the instructions on the main page, however I wasn't able to run any of them.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:57 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/...1HPRR&d=homerr
R0 - HKLM\Software\Microsoft\Internet Explorer\M... Read more

A:Internet Explorer redirecting websites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

See if you can run RSIT:
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
To attach a file to a reply, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\rsit\info.txt
------------------------------------------------------

19 more replies

Hi,Now and then when I do a Google search and click the link it redirects to a different link rather than the one that is present. Some times, it automatically opens another tab when browsing a site even though I have not clicked anything. This does not happen always, but it happens now and then. Also, sometimes I get the XP Defender and Antivirus Pro virus issues as well. I have tried using combofix, malware and Spybot to clean these. But still the redirecting issues have not gone well. I use Mozilla Firefox 3.6.3 and have also tried clearing the internet files with out much luck. Please help.DDS (Ver_10-03-17.01) - NTFSx86 Run by 113900 at 15:18:23.01 on 21/04/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1239 [GMT 1:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\... Read more

A:Redirecting to various websites from Google search

51 more replies

Hi. I'm usually able to find answers for any problems I encounter on here without needing to register and ask a question myself, but I'm having trouble with this one:

- I am in an office with 2 computers. Both of them suffer with the same problem which appears to be some kind of virus: Essentially, when I click on a link, usually from google results, I am re-directed onto a different, random page. If I open the link in a new tab, I can click 'back' until I reach my intended page, but it is annoying that I have to do this, and more of a concern is the reason why it is happening, and what implications it might have that I don't know about. The websites are various things, sometimes as inocuous as eBay, occasionally porn, but more often than not websites such as 'google analytics', 'adclicks', 'gossipcenter' etc.

- I have run MalwareBytes and also have Norton installed, but nothing stops it.

- I purchased a third computer and have just connected to the internet. To check the net worked, I went to google, did a search, clicked on a link and lo and behold, it got redirected to eBay! The fact that this is a new computer, and already it is happening, makes me think that the virus/malware is 'getting in' earlier in the chain, rather than hitting the individual PCs, but my knowledge of this kind of thing is not good enough to know what to do.

A:Redirecting websites on all computers on the network

What kind of router do you use in the office?

3 more replies

EDIT: I just noticed my topic misspelled infection. HA! Should be "Auto-redirecting websites infection"I fell victim to an Adobe Acrobat exploit that installed a few false virus programs (I don't recall the names) and some other exe files that I don't know of and even blocked SAS and MAM. Safe Mode no longer works and some websites get redirected. I thought I did a thorough job of cleaning it up with a combination of HijackThis followed by updated SAS and MAM scans; but Safe Mode still freezes (after Mup.sys loads), and I still get redirected every-so-often. I noticed they get redirected mostly when going to any technical websites computer related. If I try again, it will access the site.I've tried a new safeboot.reg and a number of odd things I read. I hope I posted this all correct.DDS (Ver_09-12-01.01) - NTFSx86 Run by admin at 15:30:19.43 on Thu 02/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exeC:\WINDO... Read more

A:Auto-redirecting websites infaction

Hey chaokoh,Welcome to Bleepingcomputer! I'm Ltangelic and I'll be helping you fix your computer problem.Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides. ;)I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.LT

19 more replies

A:Rootkit/malware redirecting me other websites

18 more replies

Hello everyone ,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:30, on 19.07.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\SQ\AppData\Roaming\Thinstall\Kelk 2000 Arabic - Persian\4000003d00003i\cryp... Read more

A:Google Chrome redirecting me to other websites

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies

I am using 2 browsers on my computer here; Mozilla Firefox and Internet Explorer. When I type something in search engine like Google or Yahoo it redirects me to random websites. Here is my Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:19, on 2011-05-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE

A:Search Engines Redirecting to different websites!

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

5 more replies

Hi, I'm having some strange problems.
In this house, there are a number of networked machines running on Windows XP, connected to the internet through a router.

A couple of the PCs have a funny redirect problem - google searches get hijacked and start going to ask jeeves or some shopping thing. (AVG and some online scanners returned nothing)

One PC has just been reformatted, and some problems still persist (perhaps a router malfunction?). Some sites just fail to load on it, and some games can't connect.

Sorry I can't give more details - but I'm happy to run any suggested checks.

Hello and welcome to Bleepingcomputer.First download the FREE version of MalwareBytes, install it, update it, then perform a FULL system scan.Mawarebytes Anti malware http://www.malwarebytes.org/Post back your results, if you find infections, you may have to go to the AII forum section of BC to ask for assistance in cleaning your computer from experienced malware removal staff.Bruce.

1 more replies

Hello to whomever responds!

This is my first time requesting help/advise via your website, so bare with me. Up front info includes: This is about a month old computer, it is a work computer, I do have admin rights to my computer, I frequent the Microsoft website for updates as precautionary and recommended, the president here is not fond of spending money on newer technology software (including anti-virus/spyware software), I'm fairly knowledgeable with computers (with the exception of malware removal)

Within the past week i've experienced redirecting through Google links to misc. websites not intended to be viewed. They are always different, but I'm not redirected every time. I could click on a link, be redirected, hit the back button, then click again and it continues as intended to the correct website. Only pattern i've noticed is the favicon of the redirect briefly flashes before the actual redirect website appears. This favicon looks like a handwritten swirly number 2, and it's blue. I don't believe i've noticed any websites including sexual content or gambling as others have experienced. I have noticed in my temporary internet files some suspicious cookies with ip address looking numbers like 66.230.188.67 & 64.111.196.117. That's a little scary. Other than the redirects, i'm not experiencing any slow down or pop-ups or errors, but I want to nip this thing in the butt before it gets out of control.

In addition to the above, I failed to mention that we are running Windows XP Pro operating system with SP3. Also, i've noticed many other forums regarding redirects and Mozilla Firefox. Just letting you know ahead of time that I have never installed Firefox, and we only utilize IE8.

FYI

1 more replies

A:Malware problem... redirecting when using search websites

10 more replies

Hi,

All search engines are redirecting to random websites (Google, Yahoo, Bing).
I've ran Malwarebytes and Spybot SD and still continue to have the same problem.

Windows XP Media Center Edition
Firefox / IE

More replies

I have Windows 7 32-bit and I am having a problem with all the search engines (google, search, yahoo, etc) in Firefox & IE redirecting to spammy websites, mostly Shopica.com. I have ran both Malwarebytes & SuperAntiSpyware a few times and sometimes it comes up with something (I think it says tracking cookie) that I get rid of but it just keeps coming back. I see there are many posts on this topic but I am a little worried about following another post and messing up my computer. Any help would be great, Thanks!

A:Serch engines redirecting to spam websites.

Hello and welcome.Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal InstructionsIf it finds something make sure Cure is selectedNext click Continue then Reboot nowA log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

9 more replies

For a while now I have been getting pop ups on my browser. Sometimes bottom right corner, sometimes bottom left, sometimes both. Also when I click links on the page I'm browsing sometimes it redirects me to another website entirely. It seems to be only certain websites that this effects as some sites I never get these problems.

I took some screen captures to show the pops ups in full swing.

With this one it shows the "chitka" pop up, this one cannot be closed. On the left this hollow pop up that can be closed.

This one shows the facebook style pop up.

The pop ups are always a combination of these three.

Here is my DDS report:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Family Laptop at 9:34:32 on 2013-03-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3933.1058 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS

A:"Chitka"/facebook style pop ups and redirecting to other websites

22 more replies

Hey.

Today i encountered a problem. I went to use firefox to access certain sites on the net and it redirected me to a malicious page.. It was very disconcerting, my built in cpu speaker began beaping and a message poped up stating that i should call a certain number to resolve the issue.. "of being hacked allegedly according to the redirect page" I thought maybe the website was down, but their tech support says the site is running fine. i encounter the same problem with the unwanted redirects on my tablet too. This is what's leading me to believe that i have a virus on my router.. i mean after all what could be redirecting the same webpage on multiple devices? If this is the case, i need to know how to fix the problem.. Im pretty sure it's bbecause of a freeware book i downloaded off of the internet earlier in the day. But how would the problem spread to my tablet when i haven't even hooked it to the computer? Any ideas? I need brains on this problem.. any help would be appreciated. thanks

A:LAN virus? multiple computers redirecting certain websites.

You need to reset your router and then secure the router. If you need help doing that then post the make and model of the router.
How to secure your home wireless network router.

You should check for adware and malware using the programs below.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some tim... Read more

3 more replies

6 more replies

I have a virus that redirects me after any search I do in Yahoo or Google. I also sometimes get re-directed on regular websites, but not as much as the search engines. I'm connected to my internet through a wireless router. Sometimes I'll connect to my brother's connection, who lives next door, and I won't get directed at all like I do when I'm connected to my connection. I have used AVG, spybot, and microsoft security essentials and nothing comes up on their scans. I just did a scan with Hijack This and this is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:38 PM, on 11/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Suppor... Read more

A:Virus/Malware redirecting me to unwanted websites

2 more replies

Hi. Recently i have been having a problem with google's search engine. When i type in a search and it brings up the results, i click on a result but it only takes me to a different search site. Please help
Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:00 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe