Tech Problem Aggregator

Redirects and overactive A/V

Q: Redirects and overactive A/V

My comp is getting redirects from search engines, also my A/V (comodo) pops up with 'Unclassified Malware' every few min.

I previously ran Hitman Pro, it successfully got rid of one rootkit, but the computer continues to have the above issues.

DDS, and Hijack This ran fine and I will attach files. GMER would not run successfully, it either froze on scan, or when I tried to save log.

I am not sure what the problem is or where it lies.

Thanks in advance for your help.

A: Redirects and overactive A/V

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1 Link2 Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear: DDS.txt Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:
In your next post I need the following
1. logs from DDS
2. RKUnHooker
3. let me know of any problems you may have had

Gringo

8 more replies
Answer Match 47.88%

I have an overactive pop-up blocker that is blocking things I don't want blocked such as the message I get after requesting to stop my flash drive from the USB port ("It is safe to remove the selected device." or something like that). I have disabled the pop-up blockers that I am aware of, but this continues to happen. Does anyone know how to stop it from blocking windows like this? It's not even an internet-related window, which makes it more puzzling.

Thanks!

A:Overactive Pop-up Blocker

Which popup blocker are you using?

4 more replies
Answer Match 47.88%

Hi,

I've twice had to exchange a Probook 450 G3, for additional reasons also (faulty power connector), so have had experience with 3 units altogether. All 3 had the same issue, the fan would kick in too often, a few instances a minute, making an up and down whirring sound which was very annoying and distracting. The strange thing is that the fan would kick in when the CPU usage was minimal, <5%, web browsing is the most taxing thing I do, no gaming or intense graphic applications.

Never had an issue like this with any other laptop/computer, it's basically brand new so no possibility of dust, too hot environment etc. My 8 year old Dell laptop with much more inferior specs handles these activities easily with infrequent fan noise/activity.

The laptop is not getting noticeably hot for the fan to turn on and off so often. Is the G3 so heat inefficient that the CPU gets too hot very easily, or is the fan's thermal sensor temp. range too low and the fan is kicking in unnecessarily? I've updated the BIOS and chipset and already contacted HP support who want me to send it to them, but I explained that this issue happened on all 3 units, revealing that the model design/components could be at fault.

Would appreciate any insight/explanation for this.

A:Probook 450 G3 Overactive Fan

I've seen other people complaining about the same issue, so I'm not alone: ProBook 450 G3 - Fan going on & off for no reason Fan making a wavy sound / HP ProBook 430 G3 Laptop's cooling fun speeds up speeds down constantly fan noise HP probook 430 G2 - fan noise probook 450 g2 cooling fan

1 more replies
Answer Match 47.88%

I am currently using my IBM Thinkpad T20 (2647) with a basic microsoft hardwired mouse (not usb) with two buttons and the wheel.

The problem is that all of a sudden, the mouse has been behaving like I double click sometimes when I don't. For example, if I am in Outlook and open an email, when I click on the red x in the upper right hand corner to shut down the email, it will also shut down the program.

It also will make me go two clicks back instead of one in Explorer and just about anywhere two clicks will cause a different behaviour. It isn't consistent and, for example, when clicking on email, if I simply want to highlight the item if I click it lightly and quickly, it will act like one click but if I give it a normal push, it will often act like a double click and open the email completely.

Any idea what is causing this and how I might fix it?

I am running Windows XP Professional and have uninstalled and reinstalled the mouse to no effect.

thanks
 

A:Need help with overactive mouse

6 more replies
Answer Match 47.88%

I can't install/run/activate active X or Flash and this messes up using Microsoft update, PCPitstop and other things. MS includes some sort of error about can't copy MUWEB.DLL but I think that perhaps some security program is blocking things to "protect" me. That is great - except when I need to use these features!
The PC is running XPpro, PcCillin, Spybot, and has run Hitman (SurfRight now disabled) and a couple other one time scans, fixes, and downloads (hosts etc.).

A:Overactive Security or ???

Internet explorer in XP sp2 blocks active x and produces a warning bar on your browser, which allows the active X to be run on subsequent click.

Also I would turn off all products and see if Flash etc. run, then turn each on and see what product is the cause.

HTH

topspeed007

1 more replies
Answer Match 47.88%

Hi, My A drive at random times starts and runs for a few seconds, any ideas what causes this? Thanks,
Mo
 

A:Overactive A Drive

9 more replies
Answer Match 47.88%

My hard drive is going a hundred miles an hour and I don't know why. I bring up the task manager and nothing is running, but all I can hear is my hard drive. Any ideas?

A:Overactive Harddrive

Chkdsk...defrag.

Louis

3 more replies
Answer Match 47.46%

Admittedly, I know little about networking and WiFi routers.

But I can't help wonder why two lights (labeled Wireless and Ethernet) flash on my Linksys WiFi router when my PC works on a document, searches for a file, or performs other routine functions that don't involve accessing the Internet or LAN.

Is it paranoid to think that information is being transmitted despite a firewall and anti-virus software that claims my PC is clean? Or do these router lights flash for reasons other than indicating transmission? Note: they don't flash when the Ethernet cable is disconnected from the PC.

Any help would be appreciated.
 

A:Overactive WiFi Router?

6 more replies
Answer Match 47.46%

Problem emerged with my Win XP netbook today: after booting, it crawled through some simple web browsing. Process Explorer revealed that a couple svchost.exe processes are hogging the processor alternately, making my PC nearly crash while going through an ESET NOD32 virus scan. The problem alleviated when the first svchost.exe crashed and had to be stopped.

The scan turned up nothing, but there were already Win32/VB.PAM, Win32/Kryptik.FON, and Win32/TrojanClicker.Punad.AA trojan files in the quarantine. Also, ESET has blocked 3 connections from a garbled URL. I haven't tried scanning in safe mode yet.

An svchost.exe process is currently using half the processor right now, but the computer is usable except for the fact that when transitioning out of a screensaver the computer chugs. I'm including an HJT log, which I have no idea how to read. I'm pretty sure I'm in trouble, but how bad is it?

EDIT: Also, when I first booted up my pc I heard it playing some audio even though I had no internet or media windows open. Suspicious, eh?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:04 AM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WI... Read more

A:Overactive svchost - possible virus

6 more replies
Answer Match 47.46%

Hi all,

I have been having a strange problem for the past few weeks, and yesterday and today it's the worst ever. It's like everything I do online overcompensates and goes overboard. For example, if I click the "Back" button, it takes me back 3 pages rather than 1. Or if in email (Outlook) I try to click on a new message, instead of just opening it and letting me read the contents, it opens a whole new window to reply in.

I have cleaned out my temp. internet files and cache. I checked the mouse speed and everything is the same there as it's always been. Do you have any idea what could be causing this weird thing to happen?
 

More replies
Answer Match 47.46%

Recently I've noticed my hard drive is chattering all the time. Everything runs fine but I can hear it slowly chirping continuously. It never stops. System idle process is 98% so I know that's ok but it keeps on chattering. Is this a possible indication of a problem soon to happen?
Thanks!
 

A:Overactive hard drive

14 more replies
Answer Match 47.04%

Hi,

I was hoping others in the same boat, or the HP team representatives could give insight/explanations with an issue with a laptop bought very recently.

I've twice had to exchange the Probook 450 G3, for also additional reasons (faulty power connector), so have had experience with 3 units altogether. All 3 had the same issue, the fan would kick in too often, a few instances a minute, making an up and down whirring sound which was very annoying and distracting. The strange thing is that the fan would kick in when the CPU usage was minimum, or at a very low state, web browsing is the most taxing thing I do, no gaming or intense graphic applications.

The specs, an i5 6200U with plenty of RAM and an SSD would suggest that it should handle these simple activities with little effort, in fact it was advertised as an Energy Star model at the time, there was a lot of info about how little power it uses.

Never had an issue like this with any other laptop/computer, it's basically brand new so no possibility of dust, too hot environment etc. My 8 year old Dell laptop with much more inferior specs handles these activities easily with infrequent fan noise/activity. I would've isolated this as a unique incident except for the fact I noticed the same almost immediately with all three 450 G3s in the short time I had them.

The laptop is not getting noticeably hot for the fan to turn on and off so often. Is the G3 so heat inefficient that the CPU gets too hot very easily, or is the fan's ther... Read more

More replies
Answer Match 47.04%

I have a Gateway GT5068E PC, with 2 GB RAM and 200 GB disk drive. At power up, it responds very slowly and the disk drive works furiously, so I checked Resource Monitor @ Control Panel, and found that both CPU and RAM usage were often up to 90% or more. Furthermore, there were often over 400 'hard faults' for the RAM. This persisted for an hour or more, after which the CPU usage stayed below 10% and the RAM usage below 40%, with only an occasional 'hard fault' in the RAM. The system was naturally much more responsive. I intend to double my RAM, to 4 GB (the limit), and may get faster chips (666 vs 533, I believe).

Does anyone know why the system thrashes so much for an hour after starting, and why there are copious hard faults reported for RAM? And is there any way to determine what speed the RAM chips are running, without disassembling the PC? (I disassembled it yesterday, when my daughter returned it, and cleaned it thoroughly.)

Secondly, this Windows 7 Pro OS was installed only about 6 months ago, and does not, I believe, have much unnecessary software running under it. But Task Manager reports dozens of processes soon after start up, including MsMpEng.exe, which often consumes half of the CPU. And I noticed that 'TrustedInstaller.exe' was still running long after it should have been, so I killed it.

Thanks for your help.
 

A:Solved: Overactive Software & Hardware

16 more replies
Answer Match 46.2%

Hi, I'm new to the forum so I'm sorry if this is in the wrong section or if the information I give is inadequate but I'll do my best.

I've managed to inherit an Acer Aspire 1652WLMi laptop from my mother... it used to run fine and seemed so much faster than my old desktop. But over the past... 2 years? It has seemed so much slower and the fan constantly roaring at ear-shattering levels.

Here are the specs:
Acer Aspire 1652WLMi Laptop running Windows XP ?Home? SP2
1.73 GHz
512MB ram DDR2 (support dual-channel???)

I think this should be enough info...correct me if I'm wrong

A few problems I've had are virtumonde (tried a few things and haven't seemed able to remove it), A hyperactive explorer.exe (generally bringing my CPU usage to 100%), An infected rundll32.exe (32.5 kb and has a page icon), Antivirus 2009 (stupid people don't know what year it is ) ... There are probably a few others but I'm tired right now. I can look into it later if need be.

Here is my Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:30:33 p.m., on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Progr... Read more

A:Many viruses, slow computer and an overactive explorer.exe/CPU

Hi, welcome to TSF!

You are operating your computer with multiple Anti Virus programs.

AVG7
Avast!

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Uninstall one of them and keep only one.
________

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
___________

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on I... Read more

1 more replies
Answer Match 46.2%

Mine is a Dell Inspiron 5305 and I am on a small (3 machine) network. My machine is protected by Panda which auto updates all the time (aarg). My machine sounds like it is breathing hard all the time and the processes goes between 5% to 100% all the time with about 50 items running. It also kicks off the DSL connection on a regular basis and is so slow I almost don't want to use it. While sitting idle you can hear the fan speed up and slow down and the clicking of a hard drive working its little brains out except I am not asking anything of it.

More replies
Answer Match 36.12%

Hi:

My computer is brand new out of the box couple days ago. Bought it because my other machine was attacked by malware. I did not download anything from old machine onto new. I did go to my AOL email account and signed in. Immediately after this new machine is redirecting Google searches, randomly, and also seems to redirect the second I try to sign on to my AOL email.

Here are my HijackThis logs. Please advise and help!
The HijackThis scan also says: "YOUR SYSTEM DENIED ACCESS TO THE WRITE FILE". Wants me to do something about this myself.
I am a newbie and know nothing.

Thank you,

A

A:Search Redirects, Random redirects, AOL email sign on highjack

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Answer Match 35.7%

I am hoping someone can help. I stupidly clicked to install some codec to get a video to run and then it asked me to install freshplay. Either or both messed up the computer. Now, I cannot get IE7 to load (it flashes on the screen for a second then closes) and Google's Chrome browser will redirect after a few seconds of getting to the webpage I want. I assume there is some DNS problem too since Orb is not able to connect, I tried to install and run AVG and it can't connect to update (Malwarebytes can't connect to update either, but I installed the most current version from another computer) and Spybot won't run at all either after a successful install. I also just noticed my clock in the lower right hand corner has been set to 24 hour time rather than 12 hour time...

Here was my first Malwarebytes run:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/13/2009 9:10:40 PM
mbam-log-2009-02-13 (21-10-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174278
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\Curr... Read more

A:freshplay/dns redirects-can't run IE7, Chrome redirects, can't load AV updates

Please delete, problem solved

2 more replies
Answer Match 34.86%

Hi,

Here are the symptoms that I'm seeing, need some help.

1) Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
2) Google Search - Clicking on Suggested Links the Browser will redirect
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3) No Longer able to connect to windowsupdate.microsoft.com or access the windows update site directly from www.microsoft.com

Ran Malwarebytes with latest definitions comes up clean
Ran Ad-Aware with latest Definitions comes up clean
Running AVG scans reports clean

Note: In the Following Requested Logs you may notice the process Teamviewer. I'm Aware that this is a Remote Control Software, as I (The person posting this) am helping a friend who lives too far away to actually work directly from their PC. Wanted to point this out.

Before Running hijackthis, DDS and GMER I disabled the AVG processes so that the Antivirus Engine wouldn't interfere with these scans.

Requested Logs

####### DDS ##########
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jen at 23:58:43.82 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Internet Antivirus 2011 *Enabled/Updated* {DD66DA46-1A1C-43D7-B787-8D5FA72... Read more

A:Browser Redirects, Google Search Redirects

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

18 more replies
Answer Match 34.86%

Okay,

For the past 4 days I have been trying to get rid of malware that redirects my searches. It redirects searches links from google, yahoo, ding, etc. It may also be turning off my McAfee when McAfee updates at night. I have done all steps to cleaning this up as according to several forums I have seen posted. I'm running on an older hp that I have upgraded with more RAM, etc over the years. I run on XP. I need to try to keep this computer running for the next 6 months until I'm done with school, then I'm tossing this and buying new.

Here is what I have done:
updated Java
updated Adobe
run CC cleaner
turned off real time scan on McAfee
run malbytes anti-malware scan
run super anti-spy ware
run hijack this

I just finished a full scan of McAfee and it comes up clean.

This is the last log from hijack this. Is there still something in here I should delete?

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:41 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS&#... Read more

A:search engine redirects, website redirects

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

2 more replies
Answer Match 34.86%

Any Google result sends me off to anti-virus software sites (probably fake). In addition when I try and access a security site like TrendMicro or BleepingComputer this also sends me off to these anti-virus (fake) sites. Here is the HiJack 2.0.2 log (hope I'm doing this correctly)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:59 PM, on 1/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Del... Read more

A:Google Redirects and Security Site Redirects

Hello, OverSixtyToo to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror
Disable any type of "Script Blockers" or "Script Protection" installed on your system.
Double click on your desktop.
If prompted by any script blocking tools, please allow any actions taken by DDS.
Two reports will open. Please reply with the generated reports:
DDS.txt <-- Copy and paste into your next post
Attach.txt <-- Attach to your next post

We need to scan for Rootkits with GMER
Please download GMER from one of the following mirrors:
This is the Primar... Read more

2 more replies
Answer Match 25.2%

Ok, my Windows 7 computer was randomly redirecting me, like I would be clicking on links in youtube and it would go to some other site. So I ran HJT and it has the following entries:

O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.

When I loaded HJT it gave an error about not being able to access the hosts file. I went to drivers/etc and the hosts file was not there. I had to use the command line to do some tricky things (gain ownership of the file, and remove the S and H attributes) so that I could see and open the file. All that's in the file is:

127.0.0.1 localhost
::1 localhost
The ::1 localhost looks weird to me, is that ok?

Anyhow, then I scanned with HJT, found those O1 entries above, and fixed them. And rebooted. Then I scanned with HJT and those entries were back!

Where are they coming from if not the hosts file?

And are they bad or just normal? They seem odd!

Thanks!

A:O1 HJT Redirects I can't get rid of

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

10 more replies
Answer Match 25.2%

When I go to do Google searches, it keeps trying to redirect me with "vipsearchs". I have No Script installed, which keeps it from going wherever it's trying to send me, but Google is still useless. I've run just about every reputable anti-virus program I can find (Malwarebytes Anti-Malware, SUPER Anti-Spyware, Spybot Search and Destroy, AVG), and none of them are finding anything. SpyDoctor found a "possible Browser Hijack", but it couldn't fix the error even when I ran it in SafeMode. Any help would be greatly appreciated. You never realize how much you use Google until you can't anymore.

Hey same problem, but your link to BTKR_RunBox won't download.

A:Redirects

Hello and welcome. Let's do this next,

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:
On completi... Read more

1 more replies
Answer Match 25.2%

Sometimes I am redirected to an ad-webpage when using IE7. I have not found any other problems with the computer. Nothing is found when scanning for virus and adware. I have included my HJT log, please advise. Thanks /Fred

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:08, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WIN... Read more

A:IE7 redirects

Can someone help, please
 

2 more replies
Answer Match 25.2%

Since yesterday (December 22, 2009), every website I try to go and every url I type in redirects to www.vtr.com! It's in Spanish, and seems to be a shopping site. Some research tells me that the site has "high security standards, very trustable". That's the only thing it does; it doesn't let me go to any website other than vtr.com.
I have Windows XP, and Internet Explorer.
In safe mode, I have run Malwarebytes' Anti-Malware, with nothing detected. I have run avast! Antivirus, also with nothing detected. I have run Spybot-Search & Destroy, and it detected six infected files, but the removal of these files did not help with the vtr.com problem. I have also run CWShredder, with nothing detected. I ran SuperAntiSpyware, with browser tracking cookies discovered. I deleted them to no avail.
I'm completely new, no experience at all with this kind of thing. I have no idea what this is!
Please help me!

A:EVERY URL redirects!

This is going to sound like an extremely dumb question, but is it possible that your home page got changed to vtr.com?

whoops misread it =/

4 more replies
Answer Match 25.2%

Recently "someone" was on my computer and either clicked a side ad or clicked something in a search, even though they say that they did not. Anyway, I have been getting redirects off and on for several weeks. At first it was so infrequent that I didn't really notice it. Now it is a daily occurrence. It happens when searching in Bing and in Google. Usually, if you go back and click the link again you get to the site you are looking for. Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:07 AM, on 11/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe
C:\Program Files (x86)\Moz... Read more

A:Redirects

16 more replies
Answer Match 25.2%

I've ran Dr. Web ... I've ran mbam below is the log... and I've ran SuperAntiSpyware and I still get redirects.

Edit since moved.. running windows xp

7/9/2009 2:19:22 AM
mbam-log-2009-07-09 (02-19-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 234389
Time elapsed: 53 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674de1aa-facf-47a5-a4cf-9ef05f9a1b2a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{674de1aa-facf-47a5-a4cf-9ef05f9a1b2a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-... Read more

A:Still getting redirects :-(

I read a few redirect problem post seems Smitfraud option 1 is the 1st step so i ran it and here is the log.

SmitFraudFix v2.423

Scan done at 16:34:59.65, Fri 07/10/2009
Run from C:\Documents and Settings\Vitamin SB\My Documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware... Read more

13 more replies
Answer Match 25.2%

How can I stop redirects on google chrome?

A:redirects

Hello jakedot2

I moved you to the Am I Infected forum from WIN 7 as this is usually what it is.

First see if it is the Add ons/ Plug ins in Chrome that may be at fault. How To Disable Individual Plug-ins in Google Chrome

Next you should run these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx... Read more

1 more replies
Answer Match 25.2%

Over the past 2 days my IE 7 browser has suddenly started being redirected when I click on links from a search on MSN or Yahoo.

In the link history, I can see a redirect and Jump links. Some of the sites I have been taken to are www.shopica.com, beta.tidatv.com, www.searchme.com, and www.vbs.tv.

I have run scans via Kaspersky Internet Security but it has not found a problem.

Here is the DDS.txt file:
DDS (Ver_09-01-18.01) - NTFSx86
Run by Lunt Family at 13:09:09.75 on Wed 01/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.547 [GMT -6:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lunt Family\Local Settings\Temporary Internet Files&#... Read more

A:IE 7 hit with Redirects

Hi

If you still need help with this post back a fresh dds log, please.

2 more replies
Answer Match 25.2%

I have been having issues with IE7 redirecting my searches. If I search for a topic, a relevant list of sites comes up. However when I click on it I then get re-directed to another site.

I have Norton 360 which scans 2 times a day and shows that my system is clean. I ran the panda active scan which shows that's not true. I have automatic updates and my system shows it is up to date??

How do I get rid of these and get my browser functioning properly again? Thanks for the help!

====================================================

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-19 09:20:02
PROTECTIONS: 2
MALWARE: 21
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 8.2.0.81 No Yes
Norton Antivirus Internet Security 2008 No No
;=============================================... Read more

More replies
Answer Match 25.2%

I have recently been infected with a virus that is redirecting clicked links and producing pop ups.
I ran tdsskiller and it finds, Malicious objects - Rootkit.Win32.TDSS.tdl3 in C:Windows\system32\drivers\ndis.sys.
When I click continue it says, System scan completed.
Infection: Cured
C:Windows\system32\drivers\ndis.sys - processing error.
It does this every time I run tdsskiller, like it is never cleaning or curing the problem.
Run in safe mode.

Thanks in advance for any and all help.
Awaiting further instructions to post any logs.

Rick


OS: Vista 32 Ultimate SP2

More replies
Answer Match 25.2%

Hello, I'm new to this forum. I have run combofix on my computer and it's and I'm still having problems. I've tried yahoo, google and have tried using firefox and ie7. I also tried to download malwarebytes to run that program and it is directing me to another website. Here is my combofix log.
ComboFix 11-02-11.02 - Tiger 02/12/2011 9:48.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.154 [GMT -6:00]
Running from: c:\documents and settings\Tiger\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 05:13 . 2011-02-12 05:13 -------- d-----w- c:\windows\LastGood
2011-02-07 19:36 . 2011-02-07 19:36 56832 ---ha-w- c:\windows\system32\LPRnwxp.dll
2011-02-03 21:48 . 2011-02-03 22:10 -------- d-----w- c:\documents and settings\Tiger\Application Data\muvee Technologies
2011-02-03 18:26 . 2011-02-03 18:26 -------- d-----w- c:\documents and settings\Tiger\Application Data\Leadertech
2011-02-03 15:48 . 2011-02-03 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2011-02-03 15:46 . 2011-02-03 22:23 -------- d-----w- c:\prog... Read more

A:redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

9 more replies
Answer Match 25.2%

Hello everyone and first off, thank you for *existing* because I am usually decent with computers but I don't know what else to do with this seeming malware trouble. For approximately 2 months, I have been receiving right side pop ups when browsing webpages. If I right click the "global settings" link which doesn't always appear, it will show edgesuite.net; when clicking a webpage link, maybe 50% of the time, I am redirected to another site. I also notice that the home page keeps reverting to AVG search.

I am running Windows 7 Home Premium, Service Pack 1 using Firefox (but still get the msg if I try IE)
Please let me know what else I can do to help. Thanks!

Heather

A:redirects and pop ups

Hello Heather, please do these and let me know.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Run RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to s... Read more

12 more replies
Answer Match 25.2%

Please help me! I have numerous pop up ads and every time i open a browser window (IE or Firefox) it redirects me to something else. Here is my logs:

Deckard's System Scanner v20071014.68
Run by Ashley Sanson on 2008-06-16 22:13:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-06-17 03:14:01 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-17 02:01:19 UTC - RP2 - sss
1: 2008-06-17 02:00:39 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as Ashley Sanson.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:21 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX... Read more

A:Pop Up Ads And Redirects

Hello Peanutt031 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is comple... Read more

7 more replies

Hi, well I'm not the most tech-savvy person but usually I'm capable of fixing these problems myself with some trial & error. But I seem to have caught some sort of virus/malware or something of the sorts. The issues I am experiencing are redirects randomly and pop-ups leading me to weird sites trying to make me purchase things. Also my PC seems to have slowed down quite a lot. I've run scans with Malwarebytes and various other programs and it tells me I'm fine yet these problems occur. I've searched through Google and this forum for help but nothing seems to be working for me so I thought I'd sign up and start my own thread and see if you guys could give me a hand. Thanks in advance.

A:Redirects/Pop-ups

Also I forgot to add I have 2x iexplore.exe processes running according to task manager even though I only use Firefox and there is no internet explorer tab on my windows taskbar. I found this to be weird so I thought it might be helpful to you in some way.

15 more replies

When in Microsoft Internet Explorer my google searches are redirected to "Click.sureonlinefind.com"
 
LOGS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by John at 6:18:29 on 2013-06-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6128.4554 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.

A:Redirects

Hello jonknite

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",...

15 more replies

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 991 Mb
Graphics Card: SiS 650_651_M650_M652_740, 32 Mb
Hard Drives: C: Total - 305234 MB, Free - 252779 MB;
Motherboard: ASUSTeK Computer INC., P4S533MX, REV 1.xx, xxxxxxxxxxx
Antivirus: AVG Internet Security 2011, Updated: Yes, On-Demand Scanner: Enabled
malwarebytes-anti-malware
I get pop-ups every so often on both Mozilla Firefox and Internet Explorer. I get redirected even when that site has no relation to the site I may be viewing, also when I attempt to access a site upon start up or change when on another site.
 

A:redirects, pop ups

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:53 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


2 more replies

For the past 2 days when searching with Google, when clicking a result I get redirected. Even with known results to known sites that are good. Also my system has really slowed down, especially online material.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Randy at 13:41:24.28 on 21/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.464 [GMT -4:00]



A:Redirects

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

7 more replies

Hi I am writing this because I have been getting very bad pop ups and redirects since I got IE9, very similar to what is happening in this post http://www.bleepingcomputer.com/forums/topic462771.html

That being said I ran all the scans that were suggested and the redirects seem to have gotten better but the pop ups are still present. I am posting the results for the scans here. I have run the Minitoolbox scan several times and keep getting the same result, so I am guessing you will say it's incomplete. Any help you can suggest would be greatly appreciated as this popup is VERY annoying.

LOG FILES

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
`````````...

A:Pop ups and redirects in IE9

Welcome aboard

You're running two AV programs, AVG and MSE.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

Regarding MiniToolbox...
If your "hosts" file is infected sometimes it'll create a long blank space following this line:
::1 localhost
Scroll down and you may see more text.

7 more replies

Hello everyone. Lately I have been having problems with being redirected to different sites than the ones I click. This seems to happen when I use Yahoo! or Google! and click a search result it gave me. When I click it I am then redirected to a site completely different than the one I wanted. I therefore have to go back, copy and paste the link in my browser and click go manually, then it works. I have run Adaware SE, Spybot, BitDefender, and AVG and still cannot get rid of this problem. Below I have included my HijackThis log. Please help!

A:Redirects

Please help....

6 more replies

Hi, I'm having a lot of pop ups and redirects, a lot of sites refuse to load, and many (a lot of social networking sites, for some reason) just don't work properly. I should note that I'm pretty computer literate, and so I can tell the difference between a slow internet/downed server and malware. I've tried SuperAntiSpyware, Malwarebytes, and Combofix (I verified that it came from a legitimate website), as well as normal maintenance like checkdisks and looking through the system config utility.

HJT log:

A:pop-ups, redirects, etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

I followed as many instructions as I possibly could to remove my infection. It was a Trojan and rogue program, all icons on the desktop were changed to hidden, program files, start menu, etc. all changed to hidden. Removed the infections with Malwarebytes and Superantispyware, rkill, did ccleaner but still getting redirects. After the scanners showed the system was clean, I did a system restore and that changed the file properties back to not hidden but still, redirects. Here are my logs below. Any help would be greatly appreciated.
***********************
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Douglas T. Bates IV at 4:13:29 on 2011-12-20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3836.2712 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.

A:Getting redirects

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

4 more replies

Thanks in advance for any help; without you I would not be able to afford or have the knowledge to fix.

I have a HP Pavilion running Windows XP. Last few days I have been getting redirected on all Google searches. I have run Malwarebytes scans and have detected nothing and have tried Superantispyware scan and have also detected nothing more than tracking cookies. Was gonna do a system restore but was not running so that was not an option. The performance as far as computer speed appears just fine, just these redirects. So here are all the logs that you asked for, I hope I did them right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:49 PM, on 2/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:redirects,redirects and more redirects...HELP!!!!!!!!!!!!

16 more replies

This is one of the computers at work I've been asked to troubleshoot. I get multiple popups whether browsing the internet or just working on local apps like Word, am redirected to other web pages without requesting them, and the PC shuts down often. I've run various virus checkers, but most recently Ad-Aware and Spybot. Both had difficulty downloading updates. Ad-Aware found several cookies and win32.trojandownloader.zlob which kept returning after removing it and rescanning. Spybot stopped scanning 1/3 way through and got "error during check!" messages on coolwwwsearch and webdialer - neither of which I could "fix". On startup, I get the following error messages:
*awtsq.exe - cannot access specific device
*could not run awtsq.exe c\windows\sys32\awtsq.exe
*error loading e\win\sys32\mlchivpu.dll
*during scan of files at system startup errors in sys reg found p-07-0100 irql:1fSYSVER0xff00024 NT_Kernel error 1256KMODE_EXEPTION_NOT_HANDLED

I only have access to this computer a few hours a couple of days a week, so be patient with me. Here's the HJT log I ran the last time I had access to it. I'll have access to it again for a few hours in the morning. Even though it shows AVG files, the program has expired.

A:Pop Ups And Redirects

I have done some additional things since posting this original hjt log - I've removed the Kaspersky antivirus software, tried to update avg but couldn't, ran ccCleaner slim, ran the vundofix and it found 2 files - wtfuetxe.dll and wtfuetxe.dllbox which it looks like it quarantined in a folder, and I ran SmitFraudFix. The C drive icon is now replaced with a red X and there are multiple .dll files in the C drive. I was going to install a new free avg anti-virus and anti-spyware program but ran out of time. I'm going back now to do that. Here is the latest HJT logs and rapport.txt log from SmitFraudFix.

12 more replies

Hope you guys can help

My daughter got sent a link via Messenger which she clicked.

I now have NOD32 flagging up problems, pop-up ads within IE pages, browser pages opening on their own.

I have scanned with Adaware, Spybot S&D, and also tried CWS Shredder. I have removed anything flagged up, but still the problem is there.


Logfile of HijackThis v1.99.1
Scan saved at 23:36:03, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)


A:IE Pop-ups and redirects

Hello nagsville and Welcome to TechSupport,

Please do the following:

Scan with HijackThis. Place a check against each of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In... Read more

19 more replies

I recently removed the AV Soft bug by downloading Malwarebytes. That seems to have taken care of the popups for now. I notice that IE keeps redirecting me when I am viewing one of my favorites. I have WindowsXP and IE8.

For some reason, I'm also having trouble posting from the infected computer...I get the "Internet Explorer cannot display...etc" in the upper left corner of screen.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:45 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:IE redirects

11 more replies

http://www.bleepingcomputer.com/forums/topic403533.html/page__p__2290536__fromsearch__1#entry2290536

A:IE redirects

Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning to remove or close those duplicate postings...time which could have been provided to others needing assistance. I have removed any duplicates to avoid confusion.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Any objects found, will show in the Scan results - Select action for found objects and offer three options.
If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you ...

16 more replies

I am trying to help a co-worker with his daughter's laptop. Every time she attempts to go online, the browser gets redirected to some random website, or a popup that tells her she needs to buy some AV software. I ran Malwarebytes and cleaned about 700 files but it didn't seem to help that much. I tried to run HiJack this but it wouldn't let me see the host files at all. I cannot get that machine to go on the internet so any downloads will have to be transported via USB flash drive to her laptop. Thank you so much!
 

A:IE Redirects

16 more replies
Answer Match 25.2%

If I insert all the information you request , it won't even let me post the message. Is there another way around it?

A:Redirects,pop ups

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

25 more replies
Answer Match 25.2%

I believe my son, who for his safety will remain nameless, picked up some spyware. Attempts to download a commercial remover result in Oops! This link appears to be broken.

I have downloaded and run HijackThis and below is the result. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:17 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal


More replies

We just got my brother in law's old laptop, so I'm not sure if these are new issues or have been there for a while, but we're experiencing redirects, pop-ups and general slowness in both Firefox and Internet Explorer. There haven't been many system crashes, but I tried to do a system restore and it froze on the screen each time.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:13 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Prog... Read more

More replies

When I go on some of my favourite sites I keep getting redirected to another webpage.

Logfile of HijackThis v1.99.1
Scan saved at 21:53:05, on 21/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Rhys Morgan.RHYSJOERHYS\Desktop\Applications\utorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rhys M... Read more

A:redirects

16 more replies

When running Internet Explorer 7 and clicking on a link from a search menu, I'm redirected to some other web search page or site. Is there some type of virus or malware doing this? Please help.

Here is a print from the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:15 AM, on 7/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Windows\ehome\ehmsas.e... Read more

A:Ie Redirects

It's been three days on this post and still no help.

2 more replies

When I search online using Google using Firefox and click a website it will go to a whole different site and if I close and do it again that same link will be a different site again.
Also out of nowhere I will get a pop up with some random site without even clicking anything.
Hope someone can help. Here is my HiJack this log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:37 PM, on 5/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\Explorer.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\... Read more

A:Getting redirects and pop ups.

Good evening. Please follow the instructions here and post accordingly into this thread.

15 more replies

Hi guys, I've noticed a lot of google redirect threads so I thought I'd post mine too. Currently I have already run tdsskiller and it finds absolutely nothing, I have run various virus scanners such as malwarebytes, superantispyware, spybot S&D. I know I shouldn't have but I have already run Combofix with little results, I have run various MBR scanners and they have found nothing. My hosts file is completely normal and no-one else in the household is getting the problem which takes out the router. I am absolutely confused, I have never come across a malware problem I haven't been able to remove myself and this one is ridiculous. I have tried various browsers and it still redirects. The weird thing is the redirects don't always happen and if I'm honest at this point I'm tempted to just put up with it because I have yet to run a scanner which actually found anything. The only thing that points for me to an infection besides redirects is W7 security centre has been disabled and it cannot be enabled, I also cannot install Security Essentials or Windows Defender. I am running 64-bit by the way if that helps with anything.

I have already completely uninstalled Java and all of my browsers, TCP settings in the control panel are completely normal and no proxy is being shown as enabled, I just do not know how this thing is getting around everything. There are no suspicious processes running. Google searches are redirected I'd say every 3 times, so n... Read more

A:Redirects... Tried Everything

Hello ashyy and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please ... Read more

6 more replies

I need help, I am getting redirects in IE and Firefox, Chrome won't work at all. Last week I got the "Antimalware Doctor" virus along with a rootkit, so I proceeded to clean the computer and thought I got everything but I am still getting redirects.

Since then I have run Spybot, SuperAntiSpy, Yahoo Antispy, Malwarebytes, IObit Security 360, AdAware, Mcafee stinger, Avast scans and online virus scans House call and BitDefender, everyone comes up clean, Hijack This appears to be clean as well.

I have also disabled all add ons and extensions in IE and Firefox, removed any toolbars, I also get the redirects in IE(run with no add-on's) and Firefox safemode. I have removed any odd programs.

Occasionally I will get an Avast blocking stuff from executing a Svchost from running and get a Microsoft error dump for a Svchost. Not sure what to do about this. The virus I had did corrupt some system files, winlogon.exe and eplorer.exe, but this seems to be ok now, but thought I'd add this info.

Not sure where to go from here, can someone help me with this problem?

Thanks

A:Bad Redirects

im not a specialist or anything, but im wondering this:

do you have all the above listed antivirus programs installed at the same time? cause if i remember correctly, you're only supposed to have one installed at a time.

also, another thing u can suspect is your router. if you read my thread you just might get an idea of what's going on.

The best thing would probably just be to wait for a moderator though.

hope for the best!

- John

4 more replies

I've been having a terrible time trying to disable a virus (or multiple viruses) on the computer. I've run MSE as well as trying lavasoft and avast software, nothing seems to detect this thing. Despite that, I am constantly redirected to spam sites while surfing the web and either square or phone shaped pop ups appear in the bottom right hand corner of my browser. This happens on both Firefox and Chrome. Now something seems to be messing with my anti-virus, since it magically disappeared from my system yesterday. Any help would be greatly (!) appreciated.
Thanks!
Win7 64 bit

A:Redirects and pop-ups

Welcome, please run these and post the logs...
Run RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>
Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters
Put a check in the box of Detect TDLFS file system
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select a... Read more

17 more replies

I just purchased a new computer a few weeks ago and now I am having problems using it. Any web page I visit will have multiple adult pop-ups and at times I will be redirected to another page altogether. I figured Windows updates might have something to help but I cannot access the update page at all, get redirected every time. I am not a computer savvy person so I purchased Norton Antivirus 2005 yesterday figuring that would resolve my problems. After install, it detected quite a few viruses but also detected spyware. Even after quarantine and all I still have the pop-up issues. I'm not sure where to start to get rid of all this crap but I would definitely appreciate someone's assistance. As I said before, I am not a "Computer person" so please be gentle.
 

A:Pop-ups and Redirects

14 more replies

Hi Gents,

Over the Thanksgiving holiday, I got stung by the redirect bug which is affecting all my browsers (Google, IE). I am an MCP and so began troubleshooting on my own, but have not gotten rid of the problem yet, obviously. The following programs have been run to clean this up (all with up to date definitions): MalwareBytes, Stinger, Spybot, Spyware Doctor, OTL, ComboFix, TDSS remover (forgot the full name), CCleaner, Auslogics Registry Cleaner. I have all logs available for inspection as to what I have done. I understand the process will take some time; Just as long as I get rid of this pest and NOT have to replace the PC (HP Netbook Mini 110-3135DX). I rely on this machine here at my turntable shop for business. I think I'll begin with the logs for OTL, main log first:

OTL logfile created on: 11/24/2012 7:12:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mstcraig\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1011.90 Mb Total Physical Memory | 390.12 Mb Available Physical Memory | 38.55% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.66 Gb Total Space | 188.95 Gb F... Read more

A:8.22.70.252 & 63.209.69.107 redirects

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

43 more replies

Hi, I'm running XP MCE w/ service pack 2, have all the 5 steps completed

I'm having problems with pop-ups especially hxxp://www.seekalicious.com
Also all sorts of internet redirects.
Spybot S&D has cited NSIS Media. I downloaded a specific program to respond to that, but it did not work.
Command Service is also a problem I cannot solve


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:41 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\R3JlZw\command.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.ex... Read more

A:Pop-ups, redirects

bump, please

15 more replies

I started having problems with my comp on April 29th. I had obviously picked up some sort of malware while browsing. My performance slowed abysmally, windows closed randomly, my wallpaper was replaced by a big flashing ad for some ******** spyware remover. Even my screensaver wouldn't work. My ISP called and said they'd cut-off my internet service if the problem wasn't taken care of right away. A friend helped me get the install files for MalwareBytes and CCleaner (msn messenger was virtually the only program working), and after scanning with those programs everything pretty much went back to normal.

The next day, I started experiencing the (apparently quite common) 'google redirect' problem. The severity varies day by day, but generally speaking, if I click a link in Firefox a new tab will open and the status bar will have some massive URL that begins with http://www.googe-redirect.com... - I'm often redirected to one of several search engines, but sometimes I'm taken to pages that are completely unrelated. Sometimes I'll end up being 'redirected' to the proper place. Sometimes I'm not redirected at all.

The google redirect issue is my chief problem, but there are other things going on as well. My computer still performs quite poorly, and sometimes my taskbar disappears. If I attempt to scan with Eset, it picks up several issues, but specifies that it cannot fix several of them until I reboot my computer. As soon as I reboot, I get the exact same message. I... Read more

A:Redirects, etc.

Hello, Sir Burley Bee :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to back up your registry
Please download ERUNT and save it to your desktop.
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
Install ... Read more

9 more replies

My problem is I have a tutorial animation created in Flash that is going to be on a CD ROM for one of our clients. I can get the CD to autostart using autorun.inf easily. The problem I have is that when the user first inserts the CD it starts a file that allows them to install the shockwave player on their system, which they need to view the animation.

What I need to know is can I alter the autorun.inf to test whether they have installed the shockwave player and if so redirect them to the tutorial animation without having the first install screen appear?

Does that make sense? Try this:

1. user inserts disk for first time
2. autorun displays the install file
3. user installs software.
4. when user next inserts disk autorun checks to see if software installed, if yes then redirects user to second file.

Any ideas?
 

More replies

Every time I use the search and click on a link it redirects my browser. How can I fix this? I am going to include a log file from hijack this.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:24 AM, on 7/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchos... Read more

A:please help w/ ie redirects

9 more replies

I am having a problem with IE8. I am being redirected to unwanted sites using google search. I have virus, spyware, malware, adware programs but none seem to clean this problem. I thought SpywareDoctor cleared it but it's back. Running XP home with all security patches installed. Computer is laptop on wireless home network. Desktop does not appear to be infected. Attached is HJT log.
Any help would be appreciated
Thank You
Marc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:28 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Fi... Read more

More replies

Running 7 ultimate retail for about 2.5 yrs now. Lately I have been having many probs with internet explorer, re-directs when using google, audio coming on, all sorts of things, websites I didn't click on are coming up, IE simply locking up, was on Asus and I went to the mobo I wanted, clicked on "downloads" and I can't get to the next page where the downloads are. This sort of thing is happening all the time now.
I don't know if this is related or not but I have quite a few usb drives and other usb items. Whenever I plug one in or turn one on my monitor goes blank (black), comes back on, goes blank again, and comes back on, all in a second or so.
Should have done something about this earlier but I thought I had corrupt windows files since I have been running my pc every day and nite for 2.5 years and I do a lot of downloading of movies and such (demonoid)

Help appreciated.

thank you
 

A:redirects, etc

Hi garebo,

Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. These kinds of malware are very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks,
paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or
credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps

Please read the following for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Be... Read more

1 more replies

Hi I keep getting pop ups in the bottom right of my browser (firefox) and some redirects. Would appreciate the help.

A:Pop ups and redirects

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

20 more replies

Every few minutes or so my IE will automatically open a new window redirected to Direct Tv or something else. Also when clicking on the results of a search the window will be redirected to something else other than what I searched for, for three consecutive times. Your expertise is requested...
Thanks jcfvoygr

The Attach.txt is attached and the DDS log follows:
DDS (Ver_09-12-01.01) - NTFSx86
Run by james.freeman at 17:01:08.73 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.333 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program ... Read more

A:Another One IE redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

19 more replies

I keep getting redirected to different sites than I've chosen. Most of the time the new window's title is "Jump". I've searched for the answer on here and so far nothing I've read has worked. Any and all help would be appreciated.

Here is the HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:15:02 PM, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iTunes\iTunesHelpe... Read more

More replies

(thanks for your suggestion Derek)

If you or anyone else can tell me (IN SIMPLE English) what to do now, I'd appreciate it...

which do I delete to stop these re directs or pop-ups....my internet has stalled to a crawl (or even stops and sometimes closes) while these exe pop ups and re-directs try to force their way through...do I delete them through the registry (and where would those files be?) or Hijack this?

I keep getting from "odysseusmarketing" among others....I have panicware and lavasoft adaware...neither seem to be able to stop them or delete them and norton doesn't recognize them probably because it views them as a downloaded program

Logfile of HijackThis v1.97.7
Scan saved at 11:08:30 PM, on 1/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\sysmgr.exe
C:\WINDOWS\System32\Keyhost.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\WINDOWS\system32\pgtools\tatss.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points mana... Read more

A:Pop Ups, Exe's And Redirects, Help!!

Please continue in your original thread and please don't post duplicates.

Closing duplicate.

Continue here:

http://forums.techguy.org/showthread.php?s=&threadid=190455
 

1 more replies

First time I've come across something I haven't been able to remove myself. I get redirects when I click links from google results. I'm pretty sure it's a root kit..
 

A:Redirects...

Hiya

Can you do the following, and then we'll go from there

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Lo... Read more

1 more replies

Hello, I've used AVG, AdAware and Counterspy to scan and remove most of the malware on my PC. They all run now without detecting anything. My problem is that whenever I do a Yahoo! search, upon clicking on a link I am redirected (results.yahoo.com) to the wrong site (each time it's different). This happens on IE6, IE7 and Mozilla - but is unique to Yahoo. I am running XP SP2. I am attaching a HijackThis log for your review.

Your help is greatly appreciated!

Best Regards,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:56 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Sunbelt Soft... Read more

A:Ie 6 Redirects

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Also, I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and p... Read more

12 more replies

Hi, last couple of days I've found if I do a google search and click on the result, I get taken to various advertising sites - Lightseek.biz savecompare.com sportcampinglocations.com bigshoppingdeals.co.uk kelkoo.co.uk etc

I've run an anti-virus scan (F-Secure) which didn't show anything bad.

Downloaded Ad-Aware, which found win32.trojan.NSAnti and 199 cookies it didn't like, and deleted them. I'm still getting directed to the sites.

Found this site, and downloaded Malwarebytes following advice in this thread http://www.bleepingcomputer.com/forums/t/270212/ie-redirection/

This found 4 objects and quarantined/deleted them. But, I'm still getting directed to the sites.

Here's the logfile below, any ideas what I can try next?

Thanks
Paul

---------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3154
Windows 5.1.2600 Service Pack 2

12/11/2009 18:35:49
mbam-log-2009-11-12 (18-35-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 271208
Time elapsed: 1 hour(s), 35 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detec... Read more

A:IE redirects

Welcome to BC

Update mbam and run a FULL scan
Please post the results

========================

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

==========================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it fi... Read more

5 more replies

I am getting constant browser redirects and pop-ups in full browser pages. I have run many anti spyware programs but still have the problem. I tried to download Spybot as I have used it in the past and it worked. But I can't download it. When I get to the install screen, I keep getting an error. I also tried to download Spy Sweeper but had the same problem. Can anyone help?? It's driving me crazy. I tried to download DDS for log but it was blocked.

This is my Hijack This Log - Scan saved at 6:15:19 PM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS ... Read more

A:Redirects and Pop-ups

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o... Read more

12 more replies

Hello. I was experiencing constant redirects, so I ran MBAM and TDSSKiller. MBAM found 2,235 items and supposedly was able to fix all of them, but I am still experiencing the redirects whenever I try to access websites. TDSSKiller found nothing. Here are my logs according to the directions. I hope I did this right. I greatly appreciate any help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by new at 22:26:54 on 2012-01-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.397 [GMT -5:00]
.
AV: avast! antivirus 4.8.1335 [VPS 100118-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common File... Read more

A:Redirects won't go away

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follo... Read more

19 more replies

Hi all,
 
does anyone know how to fix this? It is often reported affecting all browsers.
 
This webpage has a redirect loop, ERR_TOO_MANY_REDIRECTS.
 
This happens when trying to access a certain feature on a website, otherwise all actions on the site are normal.
 
It has no obvious fixes. Perhaps it's a website server issue

A:Redirects

Can you tell us which webpage it is?

6 more replies

I run Windows 7 and am getting some odd redirects when I use Chrome (crackle.com, CBS, political ads!) I use MSE and have run quick scan on a regular basis, with nothing coming up.  Running full scan now.  I am sure I should add more protection, just not sure what and I really want this garbage to go away!  Any help is greatly appreciated!

A:Redirects

 Install and run MBAM
Information about MBAM: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
If this scan has been done, please post the log into your next reply.
 

  Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================
 
 ESET Online Scanner
==================
Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.
 
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the  button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Dou... Read more

33 more replies

Thank you to whoever will help.

While surfing (Chrome) I am periodically (not always) redirected to:
"http://00c89119.linkbucks.com/url/http://www.kpoww.com/index.html"

I have noticed that my security suite (Eset) is unable to update its definitions and when I attempt to run a scan - it bogs down to a crawl.

Ad-Aware found nothing and Malwarebytes did not find anything.

Cheers!
Josh

A:Web redirects

Hello Josh,

First run MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Now
Reboot into Safe mode with Networking.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

>>>>Please Download TDSSkiller
Launch it. Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.... Read more

7 more replies

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Jared at 21:26:49 on 2013-12-06
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3005.1574 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Java\jre7\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Macrium\Reflect\ReflectService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
E:\Program Files\IDT\WDM\sttray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\TeamViewer\Version8\TeamViewer.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Jared\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Documents and Settings\Jared\Application Data\Dropbox\bin\Dropbox.exe
E:\Program Files\TeamViewer\Version8\tv_w32.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:... Read more

A:Pop ups and redirects that won't go away

Hello bigj123454321

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the ... Read more

18 more replies

Here's the story: A couple weeks ago everything seemed fine, except that my laptop was running painfully slow. Usually when that happens, I delete a bunch of needless files, download AVG, scan once, then uninstall AVG again since it slows down my laptop itself. This time I did all that, had a rough time getting AVG to uninstall, didn't think much of it. I don't know if any of this is related, but there it is. (I also lost access to my youtube account, but I think it's a stretch saying that's related. Worth a shot, though.)

So a few days later, the redirects started. Any link I click as a search result in google, yahoo or bing, using firefox or chrome, gets redirected. I get led to a few different sites, but the names Scour and 100ksearches pop up most often. Clicking the url bar and pressing 'enter' before I get redirected is the only workaround I've found. I saw somebody say refreshing worked for them, but I've had no such luck. Then the random instantaneous reboots started happening (usually within 15 minutes of booting up, sometimes within five, sometimes several hours) and I started getting really bugged.

A quickish late night search got me two names that worked for other people, Malwarebytes and Combofix. I tried MB first, installed, ran, and right when the scan started, the program disappeared. I went to run it again, and an error message popped up saying I didn't have permission to access that program. [the same thing happened with GMER just now, that's wh... Read more

A:Redirects and so much more

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies

Hello all !! This is my first post. Thank you very much for this thread. I have a problem with the google redirects, very similar to what bsweet0us is describing here. Should I continue to post here? elsewhere?

I use XP and Firefox 3.0.8. When it starts up there are several error pop-ups when I reach the icons screen:

3 Google Installer pop-ups ''Google Installer has encountered a problem... ''etc.
3 View Mgr pop-ups ''View manager has encountered a problem... '' etc.
and one error pop-up from Microsoft .NET Framework (predates the problem).

I use AVG (free version) and have remnants of an old Norton program with the icon still visible at the bottom. The AVG seems to function okay (except for allowing this virus in of course).

Sometimes the computer freezes up at the start / icons screen or the welcome screen.

I have tried downloading and installing various anti-malware programs, but it seems that after downloading the set-up software, something in the computer is preventing them from installing properly.

When I search using Google it displays the results properly, but when I click on a link I am redirected to some commercially-oriented search page that I've never seen before.

I ran Gooredfix.exe as suggested by rigel, selected ''1'' and got this in the Goored log:

(start of message)

GooredFix v1.92 by jpshortstuff
Log created at 08:40 on 16/04/2009 running Option #1 (E Sherman)
Firefox version 3.0.8 (en-US... Read more

A:Redirects

Hi and welcome to BleepingComputer

I have split your thread away from the existing one to give you your own. GooredFix was negative, so let's continue with Malwarebytes

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to... Read more

15 more replies

Need help with redirects!!!!!!

Have to attach active scan....when submitted first time came back text is too long.


Here is the comboscan log....

ComboScan v20070226.18 run by Brian on 2007-03-27 at 17:33:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Brian.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:36:45 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\H... Read more

A:need help with redirects

bump.

4 more replies

I am having problems with web redirects when clicking a google result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:44 PM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.e... Read more

A:Web redirects

8 more replies

Hi, I volunteered to fix my father-in-law's pc. Initially it didn't look too bad, I ran ccleaner and ran malwarebytes which picked up a couple of things. I first thought I got rid of the redirect problem so installed spyblaster, changed IE setting and cleared system restore. I was just about to download firefox and realized that the redirect problem was still there. It gets redirected to what seem like genuine sites, alternate search engines and stuff and even got redirected to a you tube video. I could really use some help in getting to the bottom of this irritating problem, I have no idea how to read a HJT log so if someone could please take a look it would be appreciated.

Thanks .
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:32:58 PM, on 1/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\A... Read more

A:IE redirects (hjt log)

16 more replies
Answer Match 25.2%

Here is my HijackThisLog

Logfile of HijackThis v1.99.1
Scan saved at 9:27:23 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickT... Read more

A:Need help getting rid of IE redirects! Help

Hi and welcome to TSF.

I am currently reviewing your log and will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

4 more replies
Answer Match 25.2%

Hi. I get pop-ups in the lower left and right corners of many websites and also get redirects when clicking on links. Can anyone help?

A:Redirects and pop ups

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

10 more replies
Answer Match 25.2%

Hello! So, the story goes that a few weeks ago, the computer I am using got infected with a rogue antivirus. WinDefender 2008 or something that sounds much like that...although they all sound a lot like that. Got rid of it without much trouble. (pretty much just ran mbam and avg) Now... REDIRECTS! Not just antivirus or security related searches. Pretty much every link I click in search results redirects. About 80% of the time if I open the link in a new tab it won't redirect, but sometimes it will. The sites tend to be sites that look like lists of search results of the same terms I initially searched. Sometimes it's crap like beauty tips or hot MMA girls. Sometimes it's just an IP address. This one recently came up - hxxp://63.209.69.107. There's nothing on the page. And it doesn't redirect 100% of the time, even when I don't open it in a new tab. Again, maybe 80%. AVG and MBAM come up clean. There's some vestige of the previous infection that I can't get rid of, obviously. I would GREATLY appreciate any help that can be given. It's not dangerous so much as obnoxious. Stats -- Win 7, Chrome (usually), roommates use IE9. I never do, but I just opened it and did a search, clicked 5 links, and none redirected. Maybe it's a Chrome-only thing? Thanks!

A:Redirects and such

Please download TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected select Skip for all of them unless I instruct you otherwise.
Click Continue.

Click Reboot computer.
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================

aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE:  aswMBR will create M... Read more

6 more replies
Answer Match 25.2%

Hi everyone, I'm new here and I hope I'm putting this in the correct place. I have Vista operating system. There is a forum/group that I visit and today I've been having a redirect problem. When I go to click on a post I get redirected to either Adspace or Reseller Cluster. In that group I can pm and see profiles, I just can't read/reply to any posts. Now if I'm logged out I can read what is public but cannot reply. So far this is only happening in this one group. I have been able to use my email and visit other groups without a problem. So far I have tried doing a virus scan - I have Nortons 360 and nothing has been detected. I tried clearing all my files, cookies, history etc. I tried a system restore a couple different times and when the computer would start back up it would tell me the restore failed to complete. I spoke with the group owners and they were able to sign in with my user name and password. They had no problems getting to and reading/replying to posts. The last thing I tried was creating a new user name for that forum. Still the same thing was happening. I would get redirected to the 2 sites mentioned. Thank you in advance for any assistance you can give me.

More replies
Answer Match 25.2%

Hello, I followed the preparation guide before posting. I ran the Farbar scan tool that generated the files FRST.txt and Additions.txt. But I ran into problems trying to make the post with FRST.txt. I tried to copy and paste the contents of the FRST.txt file in the message but then I would get an error message telling me my message was too long, that I needed to shorten it. Then I tried to attach the file instead of pasting it, but my FRST.txt file size is 523KB and the bleepingcomputer site says that the maximum file upload size is 432.38KB. So I couldn't do that. I looked at what other people have posted, and I notice their file seems a lot smaller than mine. So I looked at the contents of my FRST.txt file and noticed that the bulk of the file (mainly what gives it a large size) is all the entries of the files on my computer. The section of the FRST.txt file where the entries begin is at this heading:
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
Most of the files after that heading that are being listed in the FRST.txt file are from:
 
C:\WINDOWS\system32\         and
C:\WINDOWS\SysWOW64\
 
I'm not sure how someone will be able to help me if they can't see my FRST.txt file. I also thought about splitting the FRST.txt file into two files like FRST_PART1.txt and FRST_PART2.txt and making two separate posts just to post each one.... Read more

A:Getting redirects with IE and FF and GC

Hello Secret Society,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
 * Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
 * If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
 * Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
 * In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
 * Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions. You can break the log down and use multiple posts if need be to post the entire log.

12 more replies
Answer Match 25.2%

My computer has just today started to redirect my IE7 to some registry cleaner site and slowing my internet speed way down. I've read a lot of posts about this occurrence and I figured before doing a clean sweep of my system (resulting in total loss of data) I would give posting my hijack file a shot. I know there's a lot of steps involved but I would much rather go through all the steps than to try to put all the programs I have and try to recover the data I had. System restore does not seem to want to work either...my system keeps telling me that it was unable to complete and no changes have been made. Help would be greatly appreciated. Here's the hijack log:
__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:47 AM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy... Read more

A:Redirects and pop-ups

So after some research and fiddling here's what I've done so far to rid my puter of these redirections and pop-ups: booted in safe mode and ran spybot S&D...it found 4 problems...wwwcoolsearch, and windowsfirewallbypass, which I fixed. I then ran malwarebytes and it found nothing. I rebooted in normal mode and tried to go to IE and boom...again with a popup. But this time with teatimer running it blocked the popup from actually showing a webpage yet still showed an empty page. I will post a new HJT log if someone will answer my request for help.

Thanks
 

1 more replies
Answer Match 25.2%

So this has been going on for a while and I've ignored it but I'm starting to think it is causing performance issues now. So on some websites I get a small square popup on the right or left lower hand of the screen. Also I occasionally get redirected to some random website. This happens on Chrome, IE, Firefox, and even my Steam (PC games) browser. I've looked into it and found it is a common issue for a lot of people. I'm sure you've heard of this issue. I don't have any software except for Windows Firewall and Microsoft Security Essentials. Microsoft Security Essentials doesn't even detect it. I don't really know what to do. Please help. Thanks in advance.

A:Pop up and redirects

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwareby... Read more

7 more replies