I have an overactive pop-up blocker that is blocking things I don't want blocked such as the message I get after requesting to stop my flash drive from the USB port ("It is safe to remove the selected device." or something like that). I have disabled the pop-up blockers that I am aware of, but this continues to happen. Does anyone know how to stop it from blocking windows like this? It's not even an internet-related window, which makes it more puzzling.

Thanks!

A:Overactive Pop-up Blocker

Which popup blocker are you using?

Hi, I've twice had to exchange a Probook 450 G3, for additional reasons also (faulty power connector), so have had experience with 3 units altogether. All 3 had the same issue, the fan would kick in too often, a few instances a minute, making an up and down whirring sound which was very annoying and distracting. The strange thing is that the fan would kick in when the CPU usage was minimal, <5%, web browsing is the most taxing thing I do, no gaming or intense graphic applications. Never had an issue like this with any other laptop/computer, it's basically brand new so no possibility of dust, too hot environment etc. My 8 year old Dell laptop with much more inferior specs handles these activities easily with infrequent fan noise/activity. The laptop is not getting noticeably hot for the fan to turn on and off so often. Is the G3 so heat inefficient that the CPU gets too hot very easily, or is the fan's thermal sensor temp. range too low and the fan is kicking in unnecessarily? I've updated the BIOS and chipset and already contacted HP support who want me to send it to them, but I explained that this issue happened on all 3 units, revealing that the model design/components could be at fault. Would appreciate any insight/explanation for this.

A:Probook 450 G3 Overactive Fan

I've seen other people complaining about the same issue, so I'm not alone: ProBook 450 G3 - Fan going on & off for no reason Fan making a wavy sound / HP ProBook 430 G3 Laptop's cooling fun speeds up speeds down constantly fan noise HP probook 430 G2 - fan noise probook 450 g2 cooling fan

I am currently using my IBM Thinkpad T20 (2647) with a basic microsoft hardwired mouse (not usb) with two buttons and the wheel.

The problem is that all of a sudden, the mouse has been behaving like I double click sometimes when I don't. For example, if I am in Outlook and open an email, when I click on the red x in the upper right hand corner to shut down the email, it will also shut down the program.

It also will make me go two clicks back instead of one in Explorer and just about anywhere two clicks will cause a different behaviour. It isn't consistent and, for example, when clicking on email, if I simply want to highlight the item, if I click it lightly and quickly, it will act like one click but if I give it a normal push, it will often act like a double click and open the email completely.

Any idea what is causing this and how I might fix it?

I am running Windows XP Professional and have uninstalled and reinstalled the mouse to no effect.

thanks

A:Need help with overactive mouse

I can't install/run/activate active X or Flash and this messes up using Microsoft update, PCPitstop and other things. MS includes some sort of error about can't copy MUWEB.DLL but I think that perhaps some security program is blocking things to "protect" me. That is great - except when I need to use these features!
The PC is running XPpro, PcCillin, Spybot, and has run Hitman (SurfRight now disabled) and a couple other one time scans, fixes, and downloads (hosts etc.).

A:Overactive Security or ???

Internet Explorer in XP SP2 blocks ActiveX and produces a warning bar on your browser, which allows the ActiveX to be run on subsequent click.

Also I would turn off all products and see if Flash etc. run, then turn each on and see what product is the cause.

HTH

topspeed007

Hi, My A drive at random times starts and runs for a few seconds, any ideas what causes this? Thanks,
Mo

A:Overactive A Drive

My harddrive is going a hundred miles an hour and I don't know why. I bring up the task manager and nothing is running, but all I can hear is my harddrive. Any ideas?

A:Overactive Harddrive

Chkdsk...defrag.

Louis

But I can't help wonder why two lights (labeled Wireless and Ethernet) flash on my Linksys WiFI router when my PC works on a document, searches for a file, or performs other routine functions that don't involve accessing the Internet or LAN.

Is it paranoid to think that information is being transmitted despite a firewall and anti-virus software that claims my PC is clean? Or do these router lights flash for reasons other than indicating transmission? Note: they don't flash when the Ethernet cable is disconnected from the PC.

Any help would be appreciated.

A:Overactive WiFi Router?

Problem emerged with my Win XP netbook today: after booting, it crawled through some simple web browsing. Process Explorer revealed that a couple svchost.exe processes are hogging the processor alternately, making my pc nearly crash while going through a ESET NOD32 virus scan. The problem alleviated when the first svchost.exe crashed and had to be stopped.

The scan turned up nothing, but there were already Win32/VB.PAM, Win32/Kryptik.FON, and Win32/TrojanClicker.Punad.AA trojan files in the quarantine. Also, ESET has blocked 3 connections from a garbled url. I haven't tried scanning in safe mode yet.

An svchost.exe process is currently using half the processor right now, but the computer is usable except for the fact that when transitioning out of a screensaver the computer chugs. I'm including an HJT log, which I have no idea how to read. I'm pretty sure I'm in trouble, but how bad is it?

EDIT: Also, when I first booted up my pc I heard it playing some audio even though I had no internet or media windows open. Suspicious, eh?

A:Overactive svchost - possible virus

Hi all,

I have been having a strange problem for the past few weeks, and yesterday and today it's the worst ever. It's like everything I do online overcompensates and goes overboard. For example, if I click the "Back" button, it takes me back 3 pages rather than 1. Or if in email (Outlook) I try to click on a new message, instead of just opening it and letting me read the contents, it opens a whole new window to reply in.

I have cleaned out my temp. internet files and cache. I checked the mouse speed and everything is the same there as it's always been. Do you have any idea what could be causing this weird thing to happen?

Recently I've noticed my hard drive is chattering all the time. Everything runs fine but I can hear it slowly chirping continuously. It never stops. System idle process is 98% so I know that's ok but it keeps on chattering. Is this a possible indication of a problem soon to happen?
Thanks!

A:Overactive hard drive

Hi, I was hoping others in the same boat, or the HP team representatives could give insight/explanations with an issue with a laptop bought very recently. I've twice had to exchange the Probook 450 G3, for also additional reasons (faulty power connector), so have had experience with 3 units altogether. All 3 had the same issue, the fan would kick in too often, a few instances a minute, making an up and down whirring sound which was very annoying and distracting. The strange thing is that the fan would kick in when the CPU usage was minimum, or at a very low state, web browsing is the most taxing thing I do, no gaming or intense graphic applications. The specs, an i5 6200U with plenty of RAM and an SSD would suggest that it should handle these simple activities with little effort, in fact it was advertised as an Energy Star model at the time, there was a lot of info about how little power it uses. Never had an issue like this with any other laptop/computer, it's basically brand new so no possibility of dust, too hot environment etc. My 8 year old Dell laptop with much more inferior specs handles these activities easily with infrequent fan noise/activity. I would've isolated this as a unique incident except for the fact I noticed the same almost immediately with all three 450 G3s in the short time I had them. The laptop is not getting noticeably hot for the fan to turn on and off so often. Is the G3 so heat inefficient that the CPU gets too hot very easily, or is the fan's ther...

Cursor is almost uncontrollable.

I have a Gateway GT5068E PC, with 2 GB RAM and 200 GB disk drive. At power up, it responds very slowly and the disk drive works furiously, so I checked Resource Monitor @ Control Panel, and found that both CPU and RAM usage were often up to 90% or more. Furthermore, there were often over 400 'hard faults' for the RAM. This persisted for an hour or more, after which the CPU usage stayed below 10% and the RAM usage below 40%, with only an occasional 'hard fault' in the RAM. The system was naturally much more responsive. I intend to double my RAM, to 4 GB (the limit), and may get faster chips (666 vs 533, I believe). Does anyone know why the system thrashes so much for an hour after starting, and why there are copious hard faults reported for RAM? And is there any way to determine what speed the RAM chips are running, without disassembling the PC? (I disassembled it yesterday, when my daughter returned it, and cleaned it thoroughly.) Secondly, this Windows 7 Pro OS was installed only about 6 months ago, and does not, I believe, have much unnecessary software running under it. But Task Manager reports dozens of processes soon after start up, including MsMpEng.exe, which often consumes half of the CPU. And I noticed that 'TrustedInstaller.exe' was still running long after it should have been, so I killed it. Thanks for your help..

A:Solved: Overactive Software & Hardware


Hi, I'm new to the forum so I'm sorry if this is in the wrong section or if the information I give is inadequate but I'll do my best.

I've managed to inherit an Acer Aspire 1652WLMi laptop from my mother... it used to run fine and seemed so much faster than my old desktop. But over the past... 2 years? It has seemed so much slower and the fan constantly roaring at ear-shattering levels.

Here are the specs:
Acer Aspire 1652WLMi Laptop running Windows XP ?Home? SP2
1.73 GHz
512MB ram DDR2 (support dual-channel???)

I think this should be enough info...correct me if I'm wrong

A few problems I've had are virtumonde (tried a few things and haven't seemed able to remove it), A hyperactive explorer.exe (generally bringing my CPU usage to 100%), An infected rundll32.exe (32.5 kb and has a page icon), Antivirus 2009 (stupid people don't know what year it is ) ... There are probably a few others but I'm tired right now. I can look into it later if need be.

Here is my Hijack this log:


A:Many viruses, slow computer and an overactive explorer.exe/CPU

Hi, welcome to TSF!

You are operating your computer with multiple Anti Virus programs.

AVG7
Avast!

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Uninstall one of them and keep only one.
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on I...

Mine is a Dell Inspiron 5305 and I am on a small (3 machine) network. My machine is protected by Panda which auto updates all the time (aarg). My machine sounds like it is breathing hard all the time and the processes go between 5% to 100% all the time with about 50 items running. It also kicks off the DSL connection on a regular basis and is so slow I almost don't want to use it. While sitting idle you can hear the fan speed up and slow down and the clicking of a hard drive working its little brains out, except I am not asking anything of it.

Hi:

My computer is brand new out of the box a couple of days ago. Bought it because my other machine was attacked by malware. I did not download anything from the old machine onto the new one. I did go to my AOL email account and signed in. Immediately after this the new machine is redirecting Google searches, randomly, and also seems to redirect the second I try to sign on to my AOL email.

I am a newbie and know nothing.

Thank you,

A

A:Search Redirects, Random redirects, AOL email sign on hijack

I am hoping someone can help. I stupidly clicked to install some codec to get a video to run and then it asked me to install freshplay. Either or both messed up the computer. Now, I cannot get IE7 to load (it flashes on the screen for a second then closes) and Google's Chrome browser will redirect after a few seconds of getting to the webpage I want. I assume there is some DNS problem too since Orb is not able to connect, I tried to install and run AVG and it can't connect to update (Malwarebytes can't connect to update either, but I installed the most current version from another computer) and Spybot won't run at all either after a successful install. I also just noticed my clock in the lower right hand corner has been set to 24 hour time rather than 12 hour time... Here was my first Malwarebytes run:


Hi,

Here are the symptoms that I'm seeing; I need some help.

1) Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3) No longer able to connect to windowsupdate.microsoft.com or access the Windows Update site directly from www.microsoft.com

Ran Malwarebytes with latest definitions, comes up clean
Ran Ad-Aware with latest definitions, comes up clean
Running AVG scans reports clean

Note: In the following requested logs you may notice the process Teamviewer. I'm aware that this is remote control software, as I (the person posting this) am helping a friend who lives too far away to actually work directly from their PC. Wanted to point this out.

Before running HijackThis, DDS and GMER I disabled the AVG processes so that the antivirus engine wouldn't interfere with these scans.

Requested Logs


A:search engine redirects, website redirects

Any Google result sends me off to anti-virus software sites (probably fake). In addition when I try and access a security site like TrendMicro or BleepingComputer this also sends me off to these anti-virus (fake) sites. Here is the HiJack 2.0.2 log (hope I'm doing this correctly)

A:Google Redirects and Security Site Redirects

Ok, my Windows 7 computer was randomly redirecting me, like I would be clicking on links in youtube and it would go to some other site. So I ran HJT and it has the following entries:

O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.statcounter.com.

When I loaded HJT it gave an error about not being able to access the hosts file. I went to drivers/etc and the hosts file was not there. I had to use the command line to do some tricky things (gain ownership of the file, and remove the S and H attributes) so that I could see and open the file. All that's in the file is:

127.0.0.1 localhost
::1 localhost
The ::1 localhost looks weird to me, is that ok?

Anyhow, then I scanned with HJT, found those O1 entries above, and fixed them. And rebooted. Then I scanned with HJT and those entries were back!

Where are they coming from if not the hosts file?

And are they bad or just normal? They seem odd!

Thanks!

A:O1 HJT Redirects I can't get rid of


When I go to do Google searches, it keeps trying to redirect me with "vipsearchs". I have No Script installed, which keeps it from going wherever it's trying to send me, but Google is still useless. I've run just about every reputable anti-virus program I can find (Malwarebytes Anti-Malware, SUPER Anti-Spyware, Spybot Search and Destroy, AVG), and none of them are finding anything. SpyDoctor found a "possible Browser Hijack", but it couldn't fix the error even when I ran it in SafeMode. Any help would be greatly appreciated. You never realize how much you use Google until you can't anymore.

Hey same problem, but your link to BTKR_RunBox won't download.

Hello and welcome. Let's do this next.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.


Sometimes I am redirected to an ad-webpage when using IE7. I have not found any other problems with the computer. Nothing is found when scanning for virus and adware. I have included my HJT log, please advise. Thanks /Fred


A:IE7 redirects

Since yesterday (December 22, 2009), every website I try to go and every url I type in redirects to www.vtr.com! It's in Spanish, and seems to be a shopping site. Some research tells me that the site has "high security standards, very trustable". That's the only thing it does; it doesn't let me go to any website other than vtr.com.
I have Windows XP, and Internet Explorer.
In safe mode, I have run Malwarebytes' Anti-Malware, with nothing detected. I have run avast! Antivirus, also with nothing detected. I have run Spybot-Search & Destroy, and it detected six infected files, but the removal of these files did not help with the vtr.com problem. I have also run CWShredder, with nothing detected. I ran SuperAntiSpyware, with browser tracking cookies discovered. I deleted them to no avail.
I'm completely new, no experience at all with this kind of thing. I have no idea what this is!

A:EVERY URL redirects!


Recently "someone" was on my computer and either clicked a side ad or clicked something in a search, even though they say that they did not. Anyway, I have been getting redirects off and on for several weeks. At first it was so infrequent that I didn't really notice it. Now it is a daily occurrence. It happens when searching in Bing and in Google. Usually, if you go back and click the link again you get to the site you are looking for. Here is my Hijack log:


A:Redirects

I've ran Dr. Web ... I've ran mbam below is the log... and I've ran SuperAntiSpyware and I still get redirects. Edit since moved.. running windows xp

A:Still getting redirects :-(


How can I stop redirects on google chrome?

A:redirects


Over the past 2 days my IE 7 browser has suddenly started being redirected when I click on links from a search on MSN or Yahoo.

In the link history, I can see a redirect and Jump links. Some of the sites I have been taken to are www.shopica.com, beta.tidatv.com, www.searchme.com, and www.vbs.tv.

I have run scans via Kaspersky Internet Security but it has not found a problem.

Here is the DDS.txt file:

A:IE 7 hit with Redirects

If you still need help with this post back a fresh dds log, please.


I have been having issues with IE7 redirecting my searches. If I search for a topic, a relevant list of sites comes up. However when I click on it I then get re-directed to another site.

I have Norton 360 which scans 2 times a day and shows that my system is clean. I ran the Panda active scan which shows that's not true. I have automatic updates and my system shows it is up to date??

How do I get rid of these and get my browser functioning properly again? Thanks for the help!

ANALYSIS: 2008-08-19 09:20:02
PROTECTIONS: 2
MALWARE: 21
SUSPECTS: 2

PROTECTIONS
Description Version Active Updated
Norton 360 8.2.0.81 No Yes
Norton Antivirus Internet Security 2008 No No


I have recently been infected with a virus that is redirecting clicked links and producing pop ups.
I ran tdsskiller and it finds, Malicious objects - Rootkit.Win32.TDSS.tdl3 in C:Windows\system32\drivers\ndis.sys.
When I click continue it says, System scan completed.
Infection: Cured
C:Windows\system32\drivers\ndis.sys - processing error.
It does this every time I run tdsskiller, like it is never cleaning or curing the problem.
Run in safe mode.

Awaiting further instructions to post any logs.

Rick

OS: Vista 32 Ultimate SP2


Hello, I'm new to this forum. I have run combofix on my computer and it's and I'm still having problems. I've tried Yahoo, Google and have tried using Firefox and IE7. I also tried to download Malwarebytes to run that program and it is directing me to another website. Here is my combofix log.
ComboFix 11-02-11.02 - Tiger 02/12/2011 9:48.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.154 [GMT -6:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . is infected!!


A:redirects

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello everyone and first off, thank you for *existing* because I am usually decent with computers but I don't know what else to do with this seeming malware trouble. For approximately 2 months, I have been receiving right side pop ups when browsing webpages. If I right click the "global settings" link which doesn't always appear, it will show edgesuite.net; when clicking a webpage link, maybe 50% of the time, I am redirected to another site. I also notice that the home page keeps reverting to AVG search.

I am running Windows 7 Home Premium, Service Pack 1 using Firefox (but still get the msg if I try IE)
Please let me know what else I can do to help. Thanks!

Heather

Hello Heather, please do these and let me know.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Run RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.

Please help me! I have numerous pop up ads and every time I open a browser window (IE or Firefox) it redirects me to something else. Here are my logs:

Deckard's System Scanner v20071014.68
Run by Ashley Sanson on 2008-06-16 22:13:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-06-17 03:14:01 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-17 02:01:19 UTC - RP2 - sss
1: 2008-06-17 02:00:39 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as Ashley Sanson.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:21 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Hi, well I'm not the most tech-savvy person but usually I'm capable of fixing these problems myself with some trial & error. But I seem to have caught some sort of virus/malware or something of the sort. The issues I am experiencing are redirects randomly and pop-ups leading me to weird sites trying to make me purchase things. Also my PC seems to have slowed down quite a lot. I've run scans with malwarebytes and various other programs and it tells me I'm fine yet these problems occur. I've searched through Google and this forum for help but nothing seems to be working for me so I thought I'd sign up and start my own thread and see if you guys could give me a hand. Thanks in advance.

A:Redirects/Pop-ups


When in Microsoft Internet Explorer my google searches are redirected to "Click.sureonlinefind.com"

LOGS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by John at 6:18:29 on 2013-06-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6128.4554 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 991 Mb
Graphics Card: SiS 650_651_M650_M652_740, 32 Mb
Hard Drives: C: Total - 305234 MB, Free - 252779 MB;
Motherboard: ASUSTeK Computer INC., P4S533MX, REV 1.xx, xxxxxxxxxxx
Antivirus: AVG Internet Security 2011, Updated: Yes, On-Demand Scanner: Enabled
malwarebytes-anti-malware
I get pop ups every so often on both mozilla-firefox and internet explorer. I get redirected even when that site has no relation to the site I may be viewing, also when I attempt to access a site upon start up or change when on another site

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:53 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


For the past 2 days when searching with google, when clicking a result I get redirected. Even with known results to known sites that are good. Also my system has really slowed down, especially online material.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Randy at 13:41:24.28 on 21/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.464 [GMT -4:00]


Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

------------------------------------------------------


Hi I am writing this because I have been getting very bad pop ups and redirects since I got IE9, very similar to what is happening in this post http://www.bleepingcomputer.com/forums/topic462771.html

That being said I ran all the scans that were suggested and the redirects seem to have gotten better but the pop ups are still present. I am posting the results for the scans here.

I have run the Minitoolbox scan several times and keep getting the same result, so I am guessing you will say it's incomplete.

Any help you can suggest would be greatly appreciated as this popup is VERY annoying.

LOG FILES

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Internet Security 2012
Microsoft Security Essentials
Antivirus up to date!
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Process Check: objlist.exe by Laurent
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
System Health check
Total Fragmentation on Drive C: 0%
...

A:Pop ups and redirects in IE9

Welcome aboard.

You're running two AV programs, AVG and MSE.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

Regarding MiniToolbox...
If your "hosts" file is infected sometimes it'll create a long blank space following this line:

::1 localhost

Scroll down and you may see more text.


A:Redirects


Hi, I'm having a lot of pop ups and redirects, a lot of sites refuse to load, and many (a lot of social networking sites, for some reason) just don't work properly. I should note that I'm pretty computer literate, and so I can tell the difference between a slow internet/downed server and malware. I've tried SuperAntiSpyware, Malwarebytes, and Combofix (I verified that it came from a legitimate website), as well as normal maintenance like checkdisks and looking through the system config utility.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:37 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

A:pop-ups, redirects, etc.


I followed as many instructions as I possibly could to remove my infection. It was a Trojan and rogue program, all icons on the desktop were changed to hidden, program files, start menu, etc. all changed to hidden. Removed the infections with Malwarebytes and Superantispyware, rkill, did ccleaner but still getting redirects. After the scanners showed the system was clean, I did a system restore and that changed the file properties back to not hidden but still---redirects. Here are my logs below. Any help would be greatly appreciated.
***********************
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Douglas T. Bates IV at 4:13:29 on 2011-12-20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3836.2712 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe

A:Getting redirects

Thanks in advance for any help; without you I would not be able to afford or have the knowledge to fix.

I have a HP pavillion running windows XP. Last few days I have been getting redirected on all google searches. I have run Malwarebytes scans and have detected nothing and have tried Superantispyware scan and have also detected nothing more than tracking cookies. Was gonna do a system restore but was not running so that was not an option. The performance as far as computer speed appears just fine, just these redirects. So here are all the logs that you asked for, I hope I did them right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:49 PM, on 2/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:redirects,redirects and more redirects...HELP!!!!!!!!!!!!


A:Pop Ups And Redirects


Hope you guys can help

My daughter got sent a link via Messenger which she clicked.

I now have NOD32 flagging up problems, pop-up ads within IE pages, browser pages opening on their own.

I have scanned with Adaware, Spybot S&D, and also tried CWS Shredder. I have removed anything flagged up, but still the problem is there.

Logfile of HijackThis v1.99.1
Scan saved at 23:36:03, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)


A:IE Pop-ups and redirects

Scan with HijackThis. Place a check against each of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Now click on Scan Settings


I recently removed the AV Soft bug by downloading Malwarebytes. That seems to have taken care of the popups for now. I notice that IE keeps redirecting me when I am viewing one of my favorites. I have WindowsXP and IE8.

For some reason, I'm also having trouble posting from the infected computer...I get the "Internet Explorer cannot display...etc" in the upper left corner of screen.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:45 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:IE redirects

http://www.bleepingcomputer.com/forums/topic403533.html/page__p__2290536__fromsearch__1#entry2290536

A:IE redirects

Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning to remove or close those duplicate postings...time which could have been provided to others needing assistance. I have removed any duplicates to avoid confusion.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Any objects found, will show in the Scan results - Select action for found objects and offer three options.
If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process. <- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you ...


I am trying to help a co-worker with his daughter's laptop. Every time she attempts to go online, the browser gets redirected to some random website, or a popup that tells her she needs to buy some AV software. I ran malwarebytes and cleaned about 700 files but it didn't seem to help that much. I tried to run HiJack this but it wouldn't let me see the host files at all. I cannot get that machine to go on the internet so any downloads will have to be transported via usb flash drive to her laptop. Thank you so much!


If I insert all the information you request , it won't even let me post the message. Is there another way around it?

A:Redirects,pop ups


I believe my son, who for his safety will remain nameless, picked up some spyware. Attempts to download a commercial remover result in "Oops! This link appears to be broken."

I have downloaded and ran HijackThis and below is the result. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:17 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\20104.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS... Read more More replies Answer Match 25.2% We just got my brother in law's old laptop, so I'm not sure if these are new issues or have been there for a while, but we're experiencing redirects, pop-ups and general slowness in both Firefox and Internet Explorer. There haven't been many system crashes, but I tried to do a system restore and it froze on the screen each time. Here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:13 PM, on 5/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Prog... 
Logfile of HijackThis v1.99.1 Scan saved at 21:53:05, on 21/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Documents and Settings\Rhys Morgan.RHYSJOERHYS\Desktop\Applications\utorrent.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Rhys M... Read more A:redirects 16 more replies Answer Match 25.2% When running internet explorer 7 and clicking on a link from a search menu, I'm redirected to some other web seach page or site. Is there some type of virus or malware doing this. 
Please help.Here is a print from the Hijackthis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:03:15 AM, on 7/4/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\PrevxCSI\prevxcsi.exeC:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exeC:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\System32\wpcumi.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXEC:\Windows\ehome\ehmsas.e... Read more A:Ie Redirects It's been three days on this post and still no help. 2 more replies Answer Match 25.2% When I search on line using google using firexox and click a website it will go to a whole different site and if i close and do it again that same link will be a different site again.Also out of no where i will get a pop up with some random site without even click anything.Hope someone can help. 
Here is my HiJack this log.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:37:37 PM, on 5/24/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\windows\System32\smss.exeC:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\svchost.exeC:\windows\system32\svchost.exeC:\windows\system32\svchost.exeC:\windows\system32\svchost.exeC:\windows\system32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\windows\Explorer.EXEC:\Program Files\eMachines Bay Reader\shwiconem.exeC:\windows\system32\RUNDLL32.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Windows Live\Messenger\... Read more A:Getting redirects and pop ups. Good evening. Please follow the instructions here and post accordingly into this thread. 15 more replies Answer Match 25.2% Hi guys, i've noticed a lot of google redirect threads so i thought i'd post mine too. Currently i have already run tdsskiller and it finds absolutely nothing, i have ran various virus scanners such as malwarebytes, superantispyware, spybot S&D. I know i shouldn't have but i have already run Combofix with little results, i have run various MBR scanners and they have found nothing. My hosts file is completely normal and no-one else in the household is getting the problem which takes out the router. I am absolutely confused, i have never come across a malware problem i haven't been able to remove myself and this one is ridiculous. I have tried various browsers and it still redirects. The weird thing is the redirects don't always happen and if i'm honest at this point i'm tempted to just put up with it because i have yet to run a scanner which actually found anything. 
The only thing that points for me to an infection besides redirects is W7 security centre has been disabled and it cannot be enabled, i also cannot install Security Essentials or Windows Defender. I am running 64-bit by the way if that helps with anything. I have already completely uninstalled Java and all of my browsers, TCP settings in the control panel are completely normal and no proxy is being shown as enabled, i just do not know how this thing is getting around everything. There are no suspicous processes running. Google searches are redirected i'd say every 3 times, so n... Read more A:Redirects... Tried Everything Hello ashyy and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums. Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator! 
If I instruct you to download a specific tool in which you already have, please ...

I need help, I am getting redirects in IE and Firefox, Chrome won't work at all. Last week I got the "Antimalware Doctor" virus along with a rootkit, so I proceeded to clean the computer and thought I got everything but I am still getting redirects. Since then I have run Spybot, SuperAntiSpy, Yahoo Antispy, Malwarebytes, IObit Security 360, AdAware, Mcafee stinger, Avast scans and online virus scans House call and BitDefender, everyone comes up clean, Hijack This appears to be clean as well. I have also disabled all add ons and extensions in IE and Firefox, removed any toolbars, I also get the redirects in IE(run with no add-on's) and Firefox safemode. I have removed any odd programs. Occasionally I will get an Avast blocking stuff from executing a Svchost from running and get a Microsoft error dump for a Svchost. Not sure what to do about this. The virus I had did corrupt some system files, winlogon.exe and eplorer.exe, but this seems to be ok now, but thought I'd add this info. Not sure where to go from here, can someone help me with this problem? Thanks

A:Bad Redirects

I'm not a specialist or anything, but I'm wondering this: do you have all the above listed antivirus programs installed at the same time? Cause if I remember correctly, you're only supposed to have one installed at a time. Also, another thing you can suspect is your router. If you read my thread you just might get an idea of what's going on. The best thing would probably just be to wait for a moderator though. Hope for the best! - John

I've been having a terrible time trying to disable a virus (or multiple viruses) on the computer. I've run MSE as well as trying lavasoft and avast software, nothing seems to detect this thing.
Despite that, I am constantly redirected to spam sites while surfing the web and either square or phone shaped pop ups appear in the bottom right hand corner of my browser. This happens on both Firefox and Chrome. Now something seems to be messing with my anti-virus, since it magically disappeared from my system yesterday. Any help would be greatly (!) appreciated.

Thanks!

Win7 64 bit

A:Redirects and pop-ups

Welcome, please run these and post the logs...

Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1 Link 2 Link 3 Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>> Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters
Put a check in the box of Detect TDLFS file system
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select a...

I just purchased a new computer a few weeks ago and now I am having problems using it. Any web page I visit will have multiple adult pop-ups and at times I will be redirected to another page altogether. I figured Windows updates might have something to help but I cannot access the update page at all, get redirected every time. I am not a computer savvy person so I purchased Norton Antivirus 2005 yesterday figuring that would resolve my problems. After install, it detected quite a few viruses but also detected spyware. Even after quarantine and all I still have the pop-up issues. I'm not sure where to start to get rid of all this crap but I would definitely appreciate someone's assistance. As I said before, I am not a "Computer person" so please be gentle.

A:Pop-ups and Redirects

Hi Gents,

Over the Thanksgiving holiday, I got stung by the redirect bug which is affecting all my browsers (Google, IE). I am an MCP and so began troubleshooting on my own, but have not gotten rid of the problem yet, obviously. The following programs have been run to clean this up (all with up to date definitions): MalwareBytes, Stinger, Spybot, Spyware Doctor, OTL, ComboFix, TDSS remover (forgot the full name), CCleaner, Auslogics Registry Cleaner. I have all logs available for inspection as to what I have done. I understand the process will take some time; Just as long as I get rid of this pest and NOT have to replace the PC (HP Netbook Mini 110-3135DX). I rely on this machine here at my turntable shop for business.
I think I'll begin with the logs for OTL, main log first:

A:8.22.70.252 & 63.209.69.107 redirects

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ...

Hi, I'm running XP MCE w/ service pack 2, have all the 5 steps completed

I'm having problems with pop-ups especially hxxp://www.seekalicious.com

Also all sorts of internet redirects. Spybot S&D has cited NSIS Media. I downloaded a specific program to respond to that, but it did not work.

Command Service is also a problem I cannot solve

A:Pop-ups, redirects

bump, please

I started having problems with my comp on April 29th. I had obviously picked up some sort of malware while browsing.
My performance slowed abysmally, windows closed randomly, my wallpaper was replaced by a big flashing ad for some ******** spyware remover. Even my screensaver wouldn't work. My ISP called and said they'd cut-off my internet service if the problem wasn't taken care of right away. A friend helped me get the install files for MalwareBytes and CCleaner (msn messenger was virtually the only program working), and after scanning with those programs everything pretty much went back to normal.

The next day, I started experiencing the (apparently quite common) 'google redirect' problem. The severity varies day by day, but generally speaking, if I click a link in Firefox a new tab will open and the status bar will have some massive URL that begins with http://www.googe-redirect.com... - I'm often redirected to one of several search engines, but sometimes I'm taken to pages that are completely unrelated. Sometimes I'll end up being 'redirected' to the proper place. Sometimes I'm not redirected at all.

The google redirect issue is my chief problem, but there are other things going on as well. My computer still performs quite poorly, and sometimes my taskbar disappears. If I attempt to scan with Eset, it picks up several issues, but specifies that it cannot fix several of them until I reboot my computer. As soon as I reboot, I get the exact same message. I...

A:Redirects, etc.

Hello, Sir Burley Bee :)

Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:

In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
:)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to back up your registry

Please download ERUNT and save it to your desktop. (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
Install ...

My problem is I have a tutorial animation created in Flash that is going to be on a CD ROM for one of our clients. I can get the cd to autostart using autorun.inf easily. The problem I have is that when the user first inserts the CD it starts a file that allows them to install the shockwave player on their system, which they need to view the animation. What I need to know is can I alter the autorun.inf to test whether they have installed the shockwave player and if so redirect them to the tutorial animation without having the first install screen appear? Does that make sense? Try this:

1. user inserts disk for first time
2. autorun displays the install file
3. user installs software.
4. when user next inserts disk autorun checks to see if software installed, if yes then redirects user to second file.

Any ideas?

Every time I use the search and click on a link it redirects my browser how can I fix this. I am going to include a log file from hijack this.

A:please help w/ ie redirects

I am having a problem with IE8. I am being redirected to unwanted sites using google search. I have virus, spyware, malware, adware programs but none seem to clean this problem. I thought SpywareDoctor cleared it but it's back. Running XP home with all security patches installed. Computer is laptop on wireless home network. Desktop does not appear to be infected. Attached is HJT log.
Any help would be appreciated

Thank You

Marc

Running 7 ultimate retail for about 2.5 yrs now. Lately I have been having many probs with internet explorer, re-directs when using google, audio coming on, all sorts of things, websites I didn't click on are coming up, ie simply locking up, was on Asus and I went to the mobo I wanted, clicked on "downloads" and I can't get to the next page where the downloads are. This sort of thing is happening all the time now. I don't know if this is related or not but I have quite a few usb drives and other usb items. Whenever I plug one in or turn one on my monitor goes blank (black), comes back on, goes blank again, and comes back on, all in a second or so.
Should have done something about this earlier but I thought I had corrupt windows files since I have been running my pc every day and nite for 2.5 years and I do a lot of downloading of movies and such (demonoid)

Help appreciated. Thank you

A:redirects, etc

Hi garebo,

Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. This kind of malware is very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps

Please read the following for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Be...

Hi I keep getting pop ups in the bottom right of my browser (firefox) and some redirects. Would appreciate the help.

A:Pop ups and redirects

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Every few minutes or so my IE will automatically open a new window redirected to Direct Tv or something else. Also when clicking on the results of a search the window will be redirected to something else other than what I searched for for three consecutive times. Your expertise is requested...
Thanks

jcfvoygr

The Attach.txt is attached and the DDS log follows:

A:Another One IE redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

I keep getting redirected to different sites than I've chosen. Most of the time the new window's title is "Jump". I've searched for the answer on here and so far nothing I've read has worked. Any and all help would be appreciated.
Here is the HJT Log

(thanks for your suggestion Derek)

If you or anyone else can tell me (IN SIMPLE English) what to do now, I'd appreciate it... which do I delete to stop these re directs or pop-ups....my internet has stalled to a crawl (or even stops and sometimes closes) while these exe pop ups and re-directs try to force their way through...do I delete them through the registry (and where would those files be?) or Hijack this?
I keep getting from "odysseusmarketing" among others....I have panicware and lavasoft adaware...neither seem to be able to stop them or delete them and norton doesn't recognize them probably because it views them as a downloaded program

A:Pop Ups, Exe's And Redirects, Help!!

Please continue in your original thread and please don't post duplicates. Closing duplicate.

Continue here: http://forums.techguy.org/showthread.php?s=&threadid=190455

First time I've come across something I haven't been able to remove myself. I get redirects when I click links from google results. I'm pretty sure it's a root kit..

A:Redirects...

Hiya

Can you do the following, and then we'll go from there

Download TFC by OldTimer to your desktop
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Lo...

Hello, I've used AVG, AdAware and Counterspy to scan and remove most of the malware on my PC. They all run now without detecting anything. My problem is that whenever I do a Yahoo! search, upon clicking on a link I am redirected (results.yahoo.com) to the wrong site (each time it's different). This happens on IE6, IE7 and Mozilla - but is unique to Yahoo. I am running XP SP2.
I am attaching a HijackThis log for your review.

Your help is greatly appreciated!

Best Regards,

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Also, I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and p...

Hi, last couple of days I've found if I do a google search and click on the result, I get taken to various advertising sites - Lightseek.biz savecompare.com sportcampinglocations.com bigshoppingdeals.co.uk kelkoo.co.uk etc

I've run an anti-virus scan (F-Secure) which didn't show anything bad.

Downloaded Ad-Aware, which found win32.trojan.NSAnti and 199 cookies it didn't like, and deleted them. I'm still getting directed to the sites. Found this site, and downloaded Malwarebytes following advice in this thread http://www.bleepingcomputer.com/forums/t/270212/ie-redirection/

This found 4 objects and quarantined/deleted them.

But, I'm still getting directed to the sites.

Here's the logfile below, any ideas what I can try next?

Thanks

Paul

---------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3154
Windows 5.1.2600 Service Pack 2

12/11/2009 18:35:49
mbam-log-2009-11-12 (18-35-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 271208
Time elapsed: 1 hour(s), 35 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detec...

A:IE redirects

Welcome to BC

Update mbam and run a FULL scan
Please post the results

========================

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

==========================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it fi...

I am getting constant browser redirects and pop-ups in full browser pages. I have run many anti spyware programs but still have the problem. I tried to download Spybot as I have used it in the past and it worked. But I can't download it. When I get to the install screen, I keep getting an error. I also try to download Spy Sweeper but has the same problem. Can anyone help?? It's driving me crazy.
I tried to download DDS for log but it was blocked. This is my Hijack This Log -

Scan saved at 6:15:19 PM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:Redirects and Pop-ups

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...

Hello. I was experiencing constant redirects, so I ran MBAM and TDSSKiller. MBAM found 2,235 items and supposedly was able to fix all of them, but I am still experiencing the redirects whenever I try to access websites. TDSSKiller found nothing. Here are my logs according to the directions. I hope I did this right. I greatly appreciate any help.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by new at 22:26:54 on 2012-01-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.397 [GMT -5:00]
.
AV: avast! antivirus 4.8.1335 [VPS 100118-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

A:Redirects won't go away

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit. This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.
Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follo...

Hi all, does anyone know how to fix this? It is often reported affecting all browsers. This webpage has a redirect loop, ERR_TOO_MANY_REDIRECTS. This happens when trying to access a certain feature on a website, otherwise all actions on the site are normal. It has no obvious fixes. Perhaps it's a website server issue.

A:Redirects

Can you tell us which webpage it is?

I run Windows 7 and am getting some odd redirects when I use Chrome (crackle.com, CBS, political ads!) I use MSE and have run quick scan on a regular basis, with nothing coming up. Running full scan now. I am sure I should add more protection, just not sure what and I really want this garbage to go away! Any help is greatly appreciated!

A:Redirects

Install and run MBAM
Information about MBAM: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
If this scan has been done, please post the log into your next reply.

Running TDSSKiller to obtain log
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run
Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.
I'd like us to scan your machine with ESET OnlineScan
This process may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Dou...

Thank you to whom will help. While surfing (Chrome) I am periodically (not always) redirected to: "http://00c89119.linkbucks.com/url/http://www.kpoww.com/index.html" I have noticed that my security suite (Eset) is unable to update its definitions and when I attempt to run a scan - it bogs down to a crawl. Ad-Aware found nothing and Malwarebytes did not find anything. Cheers! Josh

A:Web redirects

Hello Josh,

First run MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Now
Reboot into Safe mode with Networking.
Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

>>>>Please Download TDSSkiller
Launch it. Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results....

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Jared at 21:26:49 on 2013-12-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3005.1574 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

A:Pop ups and redirects that won't go away

Hello bigj123454321

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the ...

Here's the story: A couple weeks ago everything seemed fine, except that my laptop was running painfully slow. Usually when that happens, I delete a bunch of needless files, download AVG, scan once, then uninstall AVG again since it slows down my laptop itself. This time I did all that, had a rough time getting AVG to uninstall, didn't think much of it.
I don't know if any of this is related, but there it is. (I also lost access to my youtube account, but I think it's a stretch saying that's related. Worth a shot, though.) So a few days later, the redirects started. Any link I click as a search result in google, yahoo or bing, using firefox or chrome, gets redirected. I get led to a few different sites, but the names Scour and 100ksearches pop up most often. Clicking the url bar and pressing 'enter' before I get redirected is the only workaround I've found. I saw somebody say refreshing worked for them, but I've had no such luck. Then the random instantaneous reboots started happening (usually within 15 minutes of booting up, sometimes within five, sometimes several hours) and I started getting really bugged. A quickish late night search got me two names that worked for other people, Malwarebytes and Combofix. I tried MB first, installed, ran, and right when the scan started, the program disappeared. I went to run it again, and an error message popped up saying I didn't have permission to access that program. [the same thing happened with GMER just now, that's wh...

A:Redirects and so much more

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Hello all !! This is my first post. Thank you very much for this thread. I have a problem with the google redirects, very similar to what bsweet0us is describing here. Should I continue to post here? elsewhere? I use XP and Firefox 3.0.8.
I ran Gooredfix.exe as suggested by rigel, selected ''1'' and got this in the Goored log:

(start of message)
GooredFix v1.92 by jpshortstuff
Log created at 08:40 on 16/04/2009 running Option #1 (E Sherman)
Firefox version 3.0.8 (en-US...

A:Redirects

Hi and welcome to BleepingComputer

I have split your thread away from the existing one to give you your own. GooredFix was negative, so let's continue with Malwarebytes

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to...

Need help with redirects!!!!!! Have to attach active scan....when submitted first time came back text is too long. Here is the comboscan log....
ComboScan v20070226.18 run by Brian on 2007-03-27 at 17:33:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as Brian.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:36:45 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

A:need help with redirects

bump.

I am having problems with web redirects when clicking a google result.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:44 PM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:Web redirects


Hi, I volunteered to fix my father-in-law's PC. Initially it didn't look too bad, I ran ccleaner and ran malwarebytes which picked up a couple of things. I first thought I got rid of the redirect problem so installed spyblaster, changed IE setting and cleared system restore. I was just about to download firefox and realized that the redirect problem was still there. It gets redirected to what seem like genuine sites, alternate search engines and stuff and even got redirected to a you tube video. I could really use some help in getting to the bottom of this irritating problem, I have no idea how to read a HJT log so if someone could please take a look it would be appreciated.

Thanks .
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:32:58 PM, on 1/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:IE redirects (hjt log)

Here is my HijackThisLog

Logfile of HijackThis v1.99.1
Scan saved at 9:27:23 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Hi and welcome to TSF.

I am currently reviewing your log and will be back with a fix for your problem as soon as possible.


Hi. I get pop-ups in the lower left and right corners of many websites and also get redirects when clicking on links. Can anyone help?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:


Hello! So, the story goes that a few weeks ago, the computer I am using got infected with a rogue antivirus. WinDefender 2008 or something that sounds much like that...although they all sound a lot like that. Got rid of it without much trouble. (pretty much just ran mbam and avg) Now...REDIRECTS! Not just antivirus or security related searches. Pretty much every link I click in search results redirects. About 80% of the time if I open the link in a new tab it won't redirect, but sometimes it will. The sites tend to be sites that look like lists of search results of the same terms I initially searched. Sometimes it's crap like beauty tips or hot MMA girls. Sometimes it's just an IP address. This one recently came up - hxxp://63.209.69.107. There's nothing on the page. And it doesn't redirect 100% of the time, even when I don't open it in a new tab. Again, maybe 80%. AVG and MBAM come up clean. There's some vestige of the previous infection that I can't get rid of, obviously. I would GREATLY appreciate any help that can be given. It's not dangerous so much as obnoxious. Stats -- Win 7, Chrome (usually), roommates use IE9. I never do, but I just opened it and did a search, clicked 5 links, and none redirected. Maybe it's a Chrome-only thing? Thanks!

A:Redirects and such

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwise

Click Continue

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


Hello, I followed the preparation guide before posting. I ran the Farbar scan tool that generated the files FRST.txt and Additions.txt. But I ran into problems trying to make the post with FRST.txt. I tried to copy and paste the contents of the FRST.txt file in the message but then I would get an error message telling me my message was too long, that I needed to shorten it. Then I tried to attach the file instead of pasting it, but my FRST.txt file size is 523KB and the bleepingcomputer site says that the maximum file upload size is 432.38KB. So I couldn't do that. I looked at what other people have posted, and I notice their file seems a lot smaller than mine. So I looked at the contents of my FRST.txt file and noticed that the bulk of the file (mainly what gives it a large size) is all the entries of the files on my computer. The section of the FRST.txt file where the entries begin is at this heading:

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

Most of the files after that heading that are being listed in the FRST.txt file are from:

C:\WINDOWS\system32\         and
C:\WINDOWS\SysWOW64\

I'm not sure how someone will be able to help me if they can't see my FRST.txt file. I also thought about splitting the FRST.txt file into two files like FRST_PART1.txt and FRST_PART2.txt and making two separate posts just to post each one....

A:Getting redirects with IE and FF and GC

Hello Secret Society,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.   You can break the log down and use multiple posts if need be to post the entire log.


My computer has just today started to redirect my IE7 to some registry cleaner site and slowing my internet speed way down. I've read a lot of posts about this occurrence and I figured before doing a clean sweep of my system (resulting in total loss of data) I would give posting my hijack file a shot. I know there's a lot of steps involved but I would much rather go through all the steps than to try to put all the programs I have and try to recover the data I had. System restore does not seem to want to work either...my system keeps telling me that it was unable to complete and no changes have been made. Help would be greatly appreciated. Here's the hijack log:
__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:47 AM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


So after some research and fiddling here's what I've done so far to rid my puter of these redirections and pop-ups: booted in safemode and ran spybot S&D...it found 4 problems...wwwcoolsearch, and windowsfirewallbypass, which I fixed. I then ran malwarebytes and it found nothing. I rebooted in normal mode and tried to go to IE and boom...again with a popup. But this time with teatimer running it blocked the popup from actually showing a webpage yet still showed an empty page. I will post a new HJT log if someone will answer my request for help.

Thanks
