Tech Problem Aggregator

Yet another case of the Google redirect - pp10.exe running.

Q: Yet another case of the Google redirect - pp10.exe running.

The problem:

-Virus/Trojan/Spyware/Malware (not certain which is the proper term, I'll just call it malware) which redirects my browser (IE) whenever I click on a Google search result link.
-Redirect seems to always take me to: lo-find (dot) com
-When my computer is connected to the internet, windows will open spontaneously, claiming my hard drive is full of trojans/etc., prompting me to run checks from the security center.
-task manager is frequently disabled. (I am unsure as to whether this is caused by the malware, or my computer's response to it...)

Some context and history:

Ever since my Norton subscription ran out, I have been protecting my computer - or attempting to - with Spybot S&D alone. (TeaTimer thing running).
It asks me to manually allow or deny registry changes, which I habitually allow when installing updates and deny when browsing the web.
My computer caught this malware when I was simultaneously installing a Microsoft-provided IDE for C++ (Microsoft Visual C++ 2008 Express Edition) and browsing the web. When a bunch of registry change requests came up, I assumed they were involved in the installation and allowed them.

Shortly afterwards, the problems began. So I disabled my internet connection and ran spybot. Spybot found two entries (something about "WindowsSecurityCenter") and claimed that it had fixed them.
I had my task manager back, as well.
But whenever I reconnected my internet, the problems would return and spybot would find the same two entries again.
So I left my computer offline, and have been using the family computer for research and downloads, and shuttling stuff between the two computers on a memory stick.

A friend of mine advised me to download Process Monitor and use it to identify the malicious processes. I found pp10.exe, which seems to fit the bill.
I have not manually deleted any files or terminated any processes in an attempt to weed this out.

Help would be very much appreciated, thank you.

DDS Log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 1:30:02.59 on 16/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.556 [GMT -8:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
AV: Norton AntiVirus 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\X3watch\x3watch.exe
svchost
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\SYSDLL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\windows\pp10.exe
C:\WINDOWS\system32\svchost.exe -k podmena
C:\Documents and Settings\Chris\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PowerBar]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SYSDLL] SYSDLL
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [x3watch] "c:\program files\x3watch\x3watch.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CatalystRegistration] "c:\program files\ati\catalystregistration\dolce.exe"
mRun: [ImageItEncrypt] c:\windows\system32\ImageItEncrypt.exe
mRun: [c:\windows\system32\kdnjd.exe] c:\windows\system32\kdnjd.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] c:\program files\d-link\d-link xtreme n dual band dwa-160\AirNCFG.exe
mRun: [pp] c:\windows\pp10.exe
mRun: [sysldtray] c:\windows\ld09.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll

============= SERVICES / DRIVERS ===============

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2004-12-15 76544]
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-16 9472]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-1-11 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-1-11 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2006-2-5 139936]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2004-8-10 14336]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1174152]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-8-26 3376704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-7-30 106808]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-5-8 57440]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070728.005\NAVENG.Sys [2007-7-29 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070728.005\NavEx15.Sys [2007-7-29 865904]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-12-19 337592]
S0 Glx60;Glx60; [x]
S3 arusb(Atheros);Atheros Wireless Network Adapter Service(Atheros);c:\windows\system32\drivers\arusb.sys [2009-5-8 434688]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\d-link xtreme n dual band dwa-160\jswutil\jswpsapi.exe [2009-5-8 356434]
S3 SAVScan;Symantec AVScan;c:\program files\norton antivirus\SAVScan.exe [2005-12-19 198416]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-06-16 00:20 <DIR> --d----- c:\program files\podmena
2009-06-16 00:20 2 ----h--- c:\windows\zaponce53575.dat
2009-06-16 00:20 2 ----h--- c:\windows\zaponce53652.dat
2009-06-16 00:20 15,872 ----h--- c:\windows\ld09.exe
2009-05-30 00:10 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-05-30 00:10 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-05-30 00:09 <DIR> --d----- c:\windows\system32\RsFx
2009-05-29 23:58 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-05-29 23:53 <DIR> --d----- c:\program files\common files\Merge Modules
2009-05-29 23:50 <DIR> --d----- c:\windows\system32\XPSViewer
2009-05-29 23:49 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-29 23:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-29 23:49 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-29 23:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-29 23:49 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-29 23:49 <DIR> --d----- C:\03c0e6004aa354d24826c5c5
2009-05-29 23:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-29 23:49 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-29 23:48 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-29 23:46 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-29 23:46 13,824 ----h--- c:\windows\pp10.exe
2009-05-29 23:46 17,408 a------- c:\windows\system32\SYSDLL.exe
2009-05-29 23:46 2 ----h--- c:\windows\sonce122730.dat
2009-05-29 23:45 <DIR> --d----- c:\windows\system32\sysloc
2009-05-29 23:45 77,698 a------- c:\windows\system32\pmx
2009-05-29 23:45 44,544 a------- c:\windows\system32\inform.dat
2009-05-29 23:45 33,280 a------- c:\windows\system32\xagkf32.dll
2009-05-29 23:41 <DIR> --d----- c:\program files\MSXML 6.0
2009-05-21 20:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-21 20:14 <DIR> --d----- c:\documents and settings\chris\workspace
2009-05-20 23:08 7 a------- c:\windows\system32\ANIWZCSUSERNAME

==================== Find3M ====================

2009-03-27 21:05 78,613 a------- c:\windows\War3Unin.dat
2009-03-21 06:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2007-09-25 11:40 251 a------- c:\program files\wt3d.ini
2007-04-28 10:22 1,367,553 a------- c:\program files\mIRC621.exe
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe

============= FINISH: 1:31:02.17 ===============

A: Yet another case of the Google redirect - pp10.exe running.

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
* Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In case you lost internet access after performing above instructions:
In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

4 more replies
Answer Match 66.36%

It seems like there has been a lot of these lately. I'm not really sure what I'm supposed to post so here's a Hijackthis log. Thanks for your time, hope to hear a reply soon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:24 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fil... Read more

A:Another Case of Google Redirect

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

46 more replies
Answer Match 66.36%

I work on a Windows 7 laptop and I've had trouble with google chrome and IE browsers redirecting after clicking on links in google searches. Malwarebytes picked up a happili trojan and deleted it and restarted the file. Afterwards it still redirects. I've uninstalled google chrome but will reinstall it when we make this better.

Here's the dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by FrankJr at 14:53:50 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2042.983 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32... Read more

A:Another Google Redirect Case

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

14 more replies
Answer Match 66.36%

hi i've been hit by this and can't seem to shake it. i've:
-updated and ran my mcafee antivirus
-ran malwarebytes(it found some trojans that were removed)
-ran superantispyware (it too found some sketchy items and removed them)
-ran spybot (found nothing)
-ran adaware (found nothing)
-ran ccleaner (nothing too big)
-downloaded the goored fix that has been suggested in other forums and ran it (seemed to lessen the occurrences)

at first it was pretty much every link in google was redirected now only a couple on the results page. it occurs in firefox and ie thanks in advance for your help.

attaching DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jeff at 21:29:59.35 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1998 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com ... Read more

A:yet another case of the google redirect

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

7 more replies
Answer Match 66.36%

I've recently come down with a case of google redirect. I see this problem on many forums on the various pages but am afraid to try any of the solutions myself. I would ask that one of you kind souls will help me with this problem.

I get the "recycler" error when i try to open my C drive and any links that I click on google route me elsewhere.

In terms of full disclosure I haven't been the "cleanest" internet user. I don't actively use a firewall, or run anti-virus often. I've also made some poor choices in downloading. I'm actually kind of surprised that it took this long for something bad to happen. If/when this is fixed I hope to be a better internet user.

The only step I've done so far is the dds scan. I've downloaded HJT but am unsure how to use it. Here is my dds results. Please help... you guys rock!

Joe
DDS (Ver_09-03-16.01) - NTFSx86
Run by Suchma at 21:55:21.68 on Mon 03/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.492 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevi... Read more

A:Another case of google redirect

Hello,

I apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know. As it's been a while since you posted your log, I will need an updated one.

Please take a look at the Preparation Guide for a download link to DDS and instructions on how you should ask for help. Thanks and again sorry for the delay.

2 more replies
Answer Match 65.52%

I have the typical redirect behaviour in Firefox when clicking on Google search results, being redirected to various sites (most of which are blocked in the meantime by Bullguard ... which I had unfortunately turned off for some time). Same behaviour on IE. Safari works fine. Longer downloads get interrupted. I installed Malwarebytes, SUPERAntiSpyware and ran them, they found some infected files, removed them, but the problem remains. IE8 does not start anymore, because apparently I have removed something that is needed by IE :-/.

My desktop PC is connected via LAN cable to a Thomsson wireless LAN router. My notebook, which is connected via WLAN did not show this behaviour on Firefox or other browsers.

So here is my DDS.txt - thanks for any help!
DDS (Ver_10-12-12.02) - NTFSx86
Run by sbrantner at 23:47:51,02 on 27.12.2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3070.1122 [GMT 1:00]

AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windo... Read more

A:Another Firefox / Google redirect case ...

Hi,

Please do the following

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

2 more replies
Answer Match 65.52%

Hi everybody and thanks in advance for your attention...
straight to the symptoms..
I was confident that I was protected against any virus by my updated and running McAfee Internet Security software...

1- I started getting random blue screens, some would not tell anything regarding the cause, other would mention "memory page file in non-paged area" or something like that.
Most of the times the blue screen would make mention of different files that all appear to be drivers.

2- In IE after opening a few tabs, let say 6, the 7th one would open but would not go anywhere. I couldn't go to the home page or any other page for that matter, just a white, blank page...

3- sudden pop-ups coming from who knows where...

4- At this point I did not think much about it until, I would google anything, get my search results, but when I click on those hyperlinks it would take me anywhere else...
It was not constant. but would do that 90% of the time.

I went to my work computer and searched for these symptoms and it didn't take long to know I was infected with the infamous, and wrongfully named, google re-direct virus...
At this point the symptoms were present 100% of the time.

I searched for different options and I tried everything I could
Malwarebytes Anti-malware was the most mentioned recommendation on the web... on my computer would come completely clean, but I still had the problem.
Kaspersky TDSSKiller would not find a single infection, completely clean...
SUPERantispy... Read more

A:Bad, Very bad case of google redirect virus

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

42 more replies
Answer Match 57.54%

Hi,

My computer has the google redirect virus and runs very slow. Often it will lock up when going to an internet site or direct you to the wrong one. It just recently changed the wallpaper to one asking me to download virus software. I've run Malwarebytes and Microsoft Security Essentials but have not been able to get rid of the problem.

Any removal assistance you can provide would be greatly appreciated. Thanks in advance for your help.

Dan

PS - When starting the computer I get the message below:

Error loading C:\WINDOWS\pspsx32.dll
The specified module could not be found

A:Google redirect and running slow

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Answer Match 57.54%

I ran SUPERAntiSpyware and Malwarebytes; nothing found. CPU is very slow.
DDS (Ver_09-11-29.01) - NTFSx86
Run by Mark at 13:46:24.35 on Mon 11/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.1278.700 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WI... Read more

A:Google redirect and too many processes running

here is gmer txt

1 more replies
Answer Match 57.54%

I've noticed Google is redirecting and there are more processes running: it jumped from the normal 41 to 58, but now I'm running 44-46 processes. The problem started ever since my mom downloaded some coupon bar. I uninstalled the coupon bar and ran Spybot Search and Destroy, which got rid of 13 spyware and a couple malware, and the problems are still persisting. Am I infected? And what should I do?

A:google redirect and more processes running

azdownhiller, Greetings and to Bleeping Computer. Below are 2 applications I would like you to run. Please post the log from each application on your next reply. After you run MalwareBytes, please make any notes of issues that you still experience. Also, is the Coupon Tool Bar still installed?

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
- Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

- Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
- Open on your desktop.
- Click the tab.
- Click the button.
- Check all seven boxes:
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect regi... Read more

4 more replies
Answer Match 56.7%

Computer redirect virus is slowing down my computer and... redirecting my google. I've tried a MalwareBytes anti-malware to no avail. Only problems that I can notice are the redirects itself and the computer running slowly. Thanks in advance for the help!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 8:52:26.60 on Sun 04/10/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1784.628 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Admin... Read more

A:Google redirect virus and running slowly

Hello and welcome. Please follow these guidelines while we work on your PC:
- Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
- Please do not run any scans or install/uninstall any applications without being directed to do so.
- Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
- Then click Continue > Reboot now
- Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
- Attach that log, please.

Download ComboFix from one of the following locations: Link 1, Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery ... Read more

6 more replies
Answer Match 56.7%

All links redirect and CPU is running at 100% when just at the desktop. I ran superantispyware and malwarebytes, no infections found.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\... Read more

A:Google redirect and too many processes running CPU is very slow

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 56.7%

I'm having problems with Google and Yahoo searches redirecting to unwanted sites. I've run Avast, AdAware, aswMBR and Malwarebytes in both normal and safe mode and have had no luck removing the virus, though I was able to get rid of Windows Vista Recovery. I'm also seeing instances of Internet Explorer that don't produce any visible manifestation besides showing up on Process Explorer. I can't seem to run TDSSKiller - the process doesn't even start, even when I click "Run as administrator."

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by LaNoktaTempesto at 21:31:00 on 2011-05-30
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2045.1003 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows... Read more

A:Google redirect virus, TDSSKiller not running

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap... Read more

16 more replies
Answer Match 56.7%

Hi there.

I'm having an issue with Google redirecting my searches as well as Internet Explorer running in the background. I was infected with Windows Recovery malware and executed the steps listed on this website to remove it. That did away with most of the problems, but I still encounter the following things:

- A "script error" for Internet Explorer, even though I don't have it running. The one I most recently received said: "Error: Object doesn't support this property or method" and came from the domain "www.gossipcenter.com"

- Mysterious advertisement sounds (no doubt coming from the invisible iExplore) popping up at random intervals

- As mentioned, searches made on Google inexplicably redirect me about 40% of the time

As far as I know these are the only issues. Your help would be greatly appreciated!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Inga at 12:36:34.50 on Sun 04/24/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1257 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 3... Read more

A:Google Redirect and Internet Explorer running

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap... Read more

16 more replies
Answer Match 56.7%

Help would be appreciated.
A couple of days ago I was infected with the FIX HDD malware. I started casting about on the internet for information and seemingly was able to remove that malware.
However now I have a google redirect problem which sends me to random sites when I search in google and then click on any of the search results.
In addition internet explorer runs in the background and runs ads that I can hear on my speakers.

Prior to finding this forum and the forum prep guide I ran several programs I found on the web in an attempt to get rid of these issues.

I've run the McAfee scan, the IOBIT security 360 scan, spybot S&D, Malwarebytes' Anti-Malware, Ad-Aware.

I've also run Hijack this and CCleaner. I made a few changes with Hijack this to get rid of random exe's running the FIX HDD malware but I was scared to make too many changes as I am not a registry expert.

I even ran combofix at some point.

Also not knowing any better I ran some of these programs twice, once in safe mode and once in regular mode. Not sure which mode they should be run in.

Attached below are the DDS logs and Attach file.

I attempted to run GMER. It ran for hours so I let it run overnight and when I got up this morning to check it I had the blue screen of death. Here's what it said on that screen:
SRV.SYS an attempt was made to write to read-only memory
STOP:0x000000BE(0XA29867A3,0X3203A121,0XBA50F6B4,0X0000000B)
SRV.SYS - Addres A29867A3 base at A295F000, Da... Read more

A:Google Redirect and IEXPLORE running ads in background

Hello Wowza,

Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea

36 more replies
Answer Match 56.7%

This was my old thread http://www.techsupportforum.com/secu...s-malware.html

I went on vacation a week ago and was hoping no one would find it so I could bump it back up when I got back. So yes, I still have the same problem.

I did the Gmer rootkit thing and the log is in the attachment.

A:Google redirect, programs not running, new thread

Hello and welcome to TSF.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

Thanks.

With Regards,
Extremeboy

17 more replies
Answer Match 56.7%

Dear all~~
Two days ago, my laptop running Windows Vista became injected with a trojan (FakeAlert!grb), and although that was removed, I now seem to have problems with a Google redirect virus, which is also affecting Internet Explorer and Google Chrome. In addition, iexplorer is running multiple hidden copies in the background (seen through Task Manager). I have tried several of the tutorials (e.g., Rkill, Kapinsky TDSS Killer, Malwarebytes and others), but nothing is working.

I am incredibly frustrated at not making any progress getting this off my laptop, so any help would be incredibly appreciated!!!

Thank you,
~tatiana

A:Please Help!! Google Redirect and Multiple ieplorers Running

Please tatiana78, this forum requires a DDS log. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

20 more replies
Answer Match 56.28%

I think I have the Google redirect. I have run Malwarebytes, AVG, Ad-Aware and Advanced SystemCare and it's still there. Can you help?

A:Google Redirect problem and computer running slow

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies
Answer Match 56.28%

Hi

I've been having trouble with being automatically redirected to ad sites when clicking on google search answers. Very frustrating.

From time to time also been having trouble with unknown script running when I'm on my google home page.

Have been running AVG and spybot.

I followed the instructions for before posting but ran into problems with gmr.exe
Got a blue screen whilst it was scanning with the following as causing the error:
PFN_LIST_CORRUPT

My log from dds.exe is below.

Thank you!!

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 23:41:26 on 2011-06-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.284 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program... Read more

A:google redirect when searching and unknown script running

Hello and welcome to TSF. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

4 more replies
Answer Match 56.28%

Been having problems for a couple of weeks. Computer is running slow as dialup, and recently I've noticed occasional (but becoming more frequent) google search redirects to Shopica, etc. Task mgr shows CPU running at 99 - 100% all the time.
WinXP Firefox version 3.0.8

Have run full McAfee scan, CCleaner, Super AntiSpyware Free edition in safe mode. I don't know what else to do.

I'm not particularly versed in computerese, but hope you can help me anyway. I don't want to have to wipe the hard drive, I had to do that after an infection a year ago and it's no fun.

Any help appreciated. Should I post some kind of log for you? Thank you.

A:Superslow, CPU running at 100%, Google searches redirect to Shopica, etc

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will... Read more

11 more replies
Answer Match 56.28%

Hello all,

I was redirected here (by someone helping me on another forum) for some Combofix expertise. Thanks in advance for any assistance.

This is a Gateway laptop running WinXP Home SP3. I've been having the Google redirect problem along with being unable to access Windows updates and AVG updates. I often get the 'windows has encountered a problem and must close' dialogue box in relation to avgnsx.exe, even though I don't have AVG set to automatically update.

In addition to AVG, I normally run Ad-Aware, Spybot S&D, and SpywareBlaster. While diagnosing this issue, I've also run SuperAntiSpyware and Malwarebyte's Anti-Malware. MBAM found and fixed about 50 infected folders/files (Starware316), but that has not fixed anything.

I was instructed to download and run ComboFix from the bleepingsoftware site, but was never able to access it, either via a Google link, a link on a web page, or typing it in to my browser directly. I finally got the exe on a flash drive and installed it that way; however, it would not run. All that happens is, after saying 'OK' to the Unknown Publisher prompt, the small green status bar (titled ComboFix) comes up and loads, the cursor flashes as an hourglass 3 or 4 times, and then that's it. I never get to the blue ComboFix opening screen. I was also able to (finally) download it to my desktop via a different site, but it behaved the same way and would not run.

Any ideas about how to successfully ru... Read more

A:Trouble running ComboFix (Google redirect issue)

15 more replies
Answer Match 56.28%

I have the google redirect virus. Sometimes it opens another browser window to a random site. Also I have multiple mshta.exe files running in the process window. I have run my McAfee virus scan, SuperAntispyware and Mbam. Mbam removed a few problems, and Super removed some tracking cookies but I still have the same problems. any help would be appreciated.

A:Google Redirect and multiple mshta.exe files running

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies
Answer Match 56.28%

OK, I had no problem downloading the logs but I have a question: on GMER download link 1 and 2, do I have to do the two of them or just the one?

DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 16:37:40.57 on Fri 10/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.371 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\DigitalPersona\Bin\... Read more

A:Google Redirect problem and computer running slow

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

27 more replies
Answer Match 56.28%

Apparent Google Redirect virus on Windows 7, have tried Malwarebytes, spybot, microsoft essentials, mcafee, etc. System has showed clean on all programs, but I'm redirected consistently when using Google search. Please help!

DDS (Ver_10-12-12.02) - NTFSx86
Run by office depot at 20:11:06.85 on Wed 01/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1628 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost... Read more

A:Google Redirect on Windows 7 not found on any programs I've tried running!

Hello mags83 and Welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

18 more replies
Answer Match 55.86%

Hello,

- Recently, whenever I click on a link through a search engine (usually Google), I am redirected to a different website 2-3 times before I can finally reach my desired website
- Typing in the address into the address bar directly usually works, but for some sites such as facebook, a blank loading screen appears forever
- Also, my mouse pointer ALWAYS has an hourglass next to it, I can still click/access everything
- When I restart my computer, during the desktop's loading an error message (usually) pops up saying: An error has occurred with licy.exe, asking me to send or don't send this error report

I've run spyware programs and Hijack this, but I thought I should seek professional advice from the forums before I started fixing/deleting things myself.

Thanks in Advance!

My DDS.txt:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jeff Dang at 13:07:34.14 on Mon 03/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.430 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program F... Read more

A:Google Links Redirect Me To A Different Website/Internet Running Slow

Hello Dangerang,

Welcome to Bleeping Computer. Sorry for delayed response. Forums have been really busy. My name is fireman4it and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine. I will be analyzing your log. I will get back to you with instructions after it is approved.

Answer Match 55.86%

I have the google redirect virus. It also sometimes opens a new browser window to a random site. Once I realized I had a problem I tried to system restore, but all the points before the day of infection were inaccessible. Also I have many mshta.exe files running in the process window. I have run my McAfee virus scan and found nothing. Next I ran Mbam and SuperAntispyware and both found a few things but I still have the problem. I tried starting in safe mode to run Super but I receive Keyboard malfunction when I use the F8 key. So I am unable to run in safe mode. I have done all the steps in the preparation guide and created some logs for gmer and dds. Thanks for the help in advance. Attached is the dds. log, attach.txt, and ark.txt file.
DDS (Ver_10-11-10.01) - NTFSx86
Run by Brandon Kyle at 21:51:46.73 on Sat 11/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1330 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\program files\dell printers\Additional Color Laser Software\S...

A:Google redirect virus and multiple mshta.exe files running

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 55.86%

Hi,
I had tried everything to remove this annoying threat in firefox, including MWB Anti-Malware, Bitdefender Total Security 2011, Kaspersky TPSS(sp?) Remover, CC Cleaner, HitMan Pro, editing the hosts file, etc. Nothing worked. ComboFix seems to have done the trick. After carefully reading the instructions on how to proceed I ran ComboFix. Everything seems to be fine so far, no more redirects! Yay! The Combo fix log is posted below for review by an administrator at their leisure. Thank you for your input, I look forward to reviewing the feedback.

=====================================BEGIN LOG FILE==============================================================================
=================================================================================================================================
ComboFix 11-06-03.02 - Jamie 06/03/2011 12:15:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3766.2154 [GMT -4:00]
Running from: c:\users\Jamie\Downloads\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 31
The process cannot access the file because it is being used by another process.
The process cannot access th...

A:Google Redirect virus fixed in Firefox after running ComboFix

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

Answer Match 55.02%

Hi Bleeping Computer Forum. I am having an issue with what I believe is a Google redirect virus. I have run virtually every malware removal tool I can find but haven't had any luck removing it. I'm hoping someone might have some advice on how to fix the problem.

The problem:

When I search with google I see some strange website domains in the status bar, and I usually am redirected to a non google search page full of ads. Uninstalling/reinstalling Firefox did not work. Domain name was pleasewaitsearch.com and recently switched to search2box.com. Also a couple pop-up ads result when it redirects.

A:Google Redirect Virus. Affects Firefox. Running Win Vista Basic

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Answer Match 55.02%

My homepage in Mozilla Firefox is set to http://www.google.com
when I use the google search engine, I am redirected to http://www.google.com/webhp
This page looks and behaves identical to Google, however clicking on links only redirects me to www.google.com/webhp
I am redirected to the webhp page when I use other search engines as well, also when browsing other websites.

When I open Firefox a process starts, firefox.exe, that only uses about 7kb memory. After several times opening, the Firefox program finally starts and these extra firefox.exe instances stay open. Ending the extra processes does not close Firefox, but also does not solve the problem.

Internet Explorer does not do this, but also behaves strangely. There are also multiple instances of iexplore.exe running, and when I end one of the extra processes it crashes Internet Explorer, and these extra processes are in addition to the multiple instances of iexplore.exe that runs normally when you open a new tab.

During use, I am occasionally redirected to advertisement and solicitation sites; not so much as to completely prevent use but enough to be very very irritating.

Google Chrome behaves almost exactly like Internet Explorer

Also I cannot enable the Windows Firewall, gives the error message:
"Windows Firewall can't change some of your settings."
"Error code 0x80070422"

This is surely a browser hijack of some kind, and I've already done what I would normally do with a computer like this. Used all of ...

A:Google webhp redirect, multiple instances of browser process running

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 55.02%

Hi Bleeping Computer Forum. I am having an issue with what I believe is a Google redirect virus. I have run virtually every malware removal tool I can find but haven't had any luck removing it. I'm hoping someone might have some advice on how to fix the problem, I'm trying to avoid the nuclear option of reformatting and reinstalling everything if possible.

The problem:

When I search with google I see some shady website domains in the status bar, and I usually am redirected to a non google search page full of ads. Domains include: pleasewaitsearch.com and search2box.com.

I attached the DDS log, however I couldn't get the GMER log. I received a system 32 error (c:\windows\system32\config\system: the system cannot find the file specified.) so I think there might be some incompatibility with the 64 bit windows. Any advice on how to get around this or alternatives would be much appreciated.

DDS LOG:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Jones at 21:06:25.64 on Wed 07/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2387 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Win...

A:Google Redirect Virus. Affects Firefox. Running Win 7 Ultimate, 64bit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Answer Match 54.6%

Seeing all these posts - this is a common virus that is going on...I seem to be infected too! Need help - please! This began when a bogus Anti-Malware program called "Windows Recovery" took over my computer.

Symptoms:
The background went black;
my search engine results are being redirected;
audio commercials are playing in the background when the internet is not up and running;
and I am getting "Internet Explorer Script Errors"
When I run McAfee, Spybot and Malware - nothing is finding the issues.

Help Please!

DDS (Ver_11-03-05.01) - NTFSx86
Run by Rebecca at 22:26:33.09 on Fri 04/22/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.160 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetw...

A:IE Script Error, Audio Commercials running in Background, Google Redirect Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Answer Match 53.76%

I'm having trouble with my browsers, both firefox and internet explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their instructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in process explorer when I try to run them.. they just hang there and nothing happens. Here is my hijack log... requesting any assistance that can be provided..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files...

A:google + yahoo links redirect to ad sites, can't get combofix or Malwarebytes' Anti-Malware running

Hi

If you still need help with this post a fresh hjt log, please.

Answer Match 53.34%

I can not get online at all. I had the bavariax.exe according to AVG. The virus seems to be removed?? but I can't get online. Should I just restore my computer?

Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:12 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROG...

A:Bavariax/PP10

Hello bigworm,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 52.92%

wow, i just typed for 15 minutes and it didnt save anything i typed when i tried to post and erased it all, im so frustrated now im about to give up lol.. im not a newbie when it comes to building computers, ive built all sorts of custom rigs/client rigs, but im stumped on my own setup.

setup before case swap :

asus a7n8x-e deluxe
antec 400w PSU
athlon xp 3000+ barton
thermaltake volcano 11+ xaser edition cpu heatsink/fan
2x512 corsair xms ddr3200
geforce 6600 agp
80gig WD 7200 IDE
sony dvd/rw drive
sony cd/rw drive

ok before swap it ran PERFECT. no glitches what so ever, nice temps. I pulled everything out and dusted it all off with air duster, tore the cpu heatsink/fan off and took it all apart and cleaned it all out and reassembled, cleaned off old paste and applied new silver thermal compound, remounted heatsink on to cpu. placed screws on new case (heres link for it BTW http://www.newegg.com/Product/Product.asp?Item=N82E16811133154 ) and installed the mobo/cpu. From here on out, its self explanatory, installed all drives and stuff, spent HOURs wiring it up professionally.

Heres the bad part, i go to start it up, it beeps once which is a good thing to hear when starting up your pc, and i got into bios to look at temps while i troubleshoot my fans in the case making sure all are working properly and flowing air like they should be, including the cpu fan, all looked good as far as fan flow goes. less than 10 seconds after getting into bios and quic...

A:Swapped perfect running rig into new case, wont stay running now.

Check the legs of the CPU. One got perhaps bent or broken off.
Make sure the mobo is not shorting against the mounting studs. Do these all coincide with a mounting hole?
Does that mobo require the extra 4-pin power-plug as for Pentium and AMDX64?
Did you connect the reset/speaker/power/etc. small little cables correctly?
 

Answer Match 52.5%

I'm getting popups that my computer is infected with instructions to go to the security center to do a full free scan. Something is also trying to access hxxp://goscanwork.com/?uid=13300, but Trend Micro is blocking. Please let me know what other detailed information might be helpful. Thank you in advance for your help. Much appreciated.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Daren Benson at 22:09:48.93 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1170 [GMT -7:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\...

A:Infected with mstre19.exe and pp10.exe

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In case you lost internet access after performing above instructions:
In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > unche...

Answer Match 52.5%

My laptop had a severe case of multiple smss.exe running in my process manager. Both pp10.exe and h36kdzr.exe were also on my computer. i tried removing with HJT but i am new to the program (should have consulted this forum first). Currently my computer will minimize my full screen programs almost randomly, it will play random sound files that are not on my computer overlapping with the currently playing audio and the system seems to slowly crash, losing my ability to open programs until the point when the mouse pad will not work and i have to do a forced shutdown. the one error message that always pops up is that the ihaupd32.exe has crashed, immediately after start-up.

I greatly appreciate all the hard work you fine folks do for the rest of us.
Thank you.

here is the dds.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Thomas at 22:37:23.28 on Mon 07/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\W...

A:smss.exe, pp10.exe, and h36kdzr.exe

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply, Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be p...

Answer Match 52.08%

Good day,

Recently after running a keygen from some not so legit software, I noticed some strange processes running on my Windows XP machine, they are as follows: SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exe

I have tried running the "Rogers online protection" virus and anti-spyware scan tool which I have installed but it does not detect these processes as being malicious. The steps I have taken so far are:

1) Block internet access to SYS32DLL.exe which kills browsing the internet on both IE and firefox
2) Download HijackThis and re-name (One of the processes won't let you run it when it has the original name)

That's about it, here is the log file that HijackThis generated, any help would be greatly appreciated.

---------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:27 AM, on 26/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe...

A:SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...

Answer Match 48.72%

Hello,

I just came across this forum and I realize that many people have this "redirect virus." I also am a victim of it, and I would like to seek help. I read the previous thread and I followed the steps for DDS and GMER.

Before I attach the files that I saved, I just want to mention that I get redirected when clicking on a Google search, and I see "gostats" or "essearch" at the bottom of the page. Also, I've cleaned my PC with Malwarebyte's, SmitFraudFix, and SUPERAntiSpyware. I've cleared and cleaned my internet temporary files and all that (I used ATF-Cleaner in addition to clearing the information from the "clear" menus).

I would like to receive the "go" before I post any files necessary. I would like to thank whoever is going to help me in advance :)

A:Another case of redirect

I'm sorry if I'm not supposed to double post, but I don't really see the "edit button" for this thread. Anyway, I read that I'm supposed to do some attachments, so here they are.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Joey at 15:28:42.42 on Tue 02/15/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1213 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\APOD\apod.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:... Read more

3 more replies
Answer Match 48.3%

Hi Folks - I am new to this so bear with me. I have a decent amount of computer experience and, until now, I have been able to fumble through and solve my problems with google searches and reading forums. Not this time..

Same old story - I click on IE and it won't start although iexplorer.exe appears in the process list.

I read some of the postings and I tried starting in safe mode, starting without add-ons - all the usual stuff. I loaded IE7, still nothing. I have run McAfee, Spybot, Malaware and found some things but still no go.

I read your instructions and downloaded Hijackthis.

Here is the log.
Help is greatly appreciated.

Chris D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:53 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PR... Read more

More replies
Answer Match 47.88%

Hi,
I have been having a redirect problem for about a month now, and I can't seem to get rid of it. Every time I try to google search something the links I click are not the links I want to be opened. I either get redirected to some site called elocals.com or google-analytics. I am using Google Chrome. Any help would be appreciated, thanks!

DDS (Ver_10-11-27.01) - NTFSx86
Run by Jem at 10:17:46.47 on Sat 12/04/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1123 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C: ... Read more

A:Infected with Google Redirect/ Google Analytics Redirect

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

15 more replies
Answer Match 47.46%

How can I check to see if this a real problem or if replacement is needed. Desktop is working ok with and without online usage but freezes up from time to time. What can I do to fix it??
 

A:CPU and Case fans not running

If the cpu fan wasn't working, the PC wouldn't be "working ok". Most computers, without the cpu fan running properly, will either not boot or shutdown within minutes (with an audible alarm) as the cpu overheats (without even using the computer).

"Freezing up" can be a software or hardware issue. If the problem only occurs "online", you could have a browser or browser plugin issue. You need to narrow down exactly what you are doing when the problem occurs.

You can also open and monitor Task Manager to view the cpu usage and processes to see if a single process is causing the problem.
 

2 more replies
Answer Match 47.46%

Hello, this is my first post. I was pointed to BleepingComputer by this Google forum:

http://www.google.com/support/forum/p/Web%20Search/thread?tid=6df7e15519290612&hl=en

I am experiencing some type of problem with a "redirect" virus, I think. When I click on a Google search result I am constantly redirected to other sites. This is happening in both Firefox (my primary browser) and IE. I have run current versions of AVG, Adaware, MalwareBytes, and HitmanPro, which was recommended by many posters on the above thread. None of them have resolved the issue. According to much of what I've read, ComboFix may be the only solution, but I thought it best to post here first to get a professional recommendation.

Any help will be greatly appreciated. Thank you.

A:Another Redirect Virus Case

Also, I am using Windows XP Version 5.1 with Service Pack 3. That might help.

2 more replies
Answer Match 47.46%

Hi guys-

I too have the dreaded browser redirecting virus / malware. I have a fairly good idea where it came from, I installed an update for a program from an unreputable source. I'm generally reasonably savvy with this sort of thing, but a momentary lapse of sanity led me to open said .exe file even though I knew I shouldn't. The program did nothing at all (except, I suspect, install the malware), and ever since, I've had problems with my browser's search engine linking to (warning- possibly dangerous link!!) "hxxp://www.businessite.net/search.php?q=googlesearchterm" (warning- possibly dangerous link!!).

I have no problems reaching websites directly through the address bar, or links on other sites. Merely google.com search results are affected.

I have also noticed considerable slowdowns after periods of use (1 hour) to the point where the system grinds to a halt. I also noticed that a lot of default settings in windows have been re-enabled, such as file extensions have been hidden, and system files hidden. I have unhidden these in folder options as I always do.

I attempted a spybot: Search and destroy scan, which found 2 non-related entries which I have cleaned (which did not solve the problem). Avast full scan shows no infections, sadly. After that, I didn't know what to do, so I'm asking your help. I searched these forums and saw that a lot of problems are fixed with Combofix, but it seems a dangerous tool unless operated correctly so I haven't touc... Read more

A:Another case of the browser redirect virus :(

Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please refrain from any self-fixing or running of scanners unless requested by me or another helper at this forum.

Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

=================

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
How to disable Avast

Right Click on the Avast icon in the system tray
Click on Program Settings...
Click on Troubleshooting
Place a tick next to Disable avast! self-defense module
Click OK
At the prompt that appears, click Yes
Right Click on the Avast icon in the system tray and click Stop On-Access protection
At the prompt that appears, click Yes

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine be... Read more

7 more replies
Answer Match 47.46%

You guys at bleepingcomputer are real swell, and I sure hope you can help me out.

My PC has recently been infected by some sort of malware. The problems I've been experiencing apparently aren't uncommon at the moment. There are a number of threads started by people with (most likely) the same infection.

This thread - http://www.bleepingcomputer.com/forums/topic366738.html describes my problem.

GMER unfortunately isn't completing its scan without freezing, but I've got the necessary DDS logs.

DDS LOG

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 12:52:36.70 on Sun 12/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.203 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common File... Read more

A:Another case of the redirect/ad popup malware

Hello valence, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2. Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable your anti-malware softwares you have installed so they do not inter... Read more

9 more replies
Answer Match 47.04%

I'm pretty sure it's the Mother board or CPU, but i just wanna double check before I start replacing things...

twice today my pc just randomly shut down on me and wouldn't turn back on unless I unplugged it for a lil while. the last time it happened it won't start up at all. all of the case fans are running but the keyboard lights won't come on and nothing on the monitor...

any ideas?

thanks in advance
 

A:PC will not start, case fans are running

6 more replies
Answer Match 47.04%

Hi all,

I am thinking of undertaking a case-modding project in the near future and I was wondering how I could power, and turn on and off the systems fans and any lights I may put in the case without a main board to send a signal to the PSU to power-on?

I have a spare case, a spare working PSU, tools and paint and a few ideas. Yet I don't have a main board kit to put into this case once finished, and thus I won't be able to see what the lights look like and how the air flow goes without power.

Is there any way I can re-wire the on/off switch directly to the PSU so I can turn the PSU on and off using that switch?

Any ideas appreciated.

Oh, and if anyone is curious my idea for the case is to give an old, plain beige mid-tower case a makeover. Thinking of re-spraying the outside flat black, spraying the insides flat or gloss white, re-modeling the drive bays and air vents, and hooking up some blue neon or UV lights for ambiance inside the case and then selling it to a friend.
 

A:Running case fans without a mainboard:

If the case has a standard ATX power supply with a 20 or 24 pin motherboard connector, connecting the green wire to one of the black wires will turn the power supply on.

You usually need a load (around 5 amps) on the 5 volt output to get the PSU to regulate properly. Depending on the PSU design, all the outputs tend to be low if there is no load on the 5 volt output.
 

2 more replies
Answer Match 46.62%

i have an Audigy 2 soundcard for my PC...the problem is i can't figure out how to use the front I/O ports with it so i can just run my mic headset to them instead of the back of my case. the I/O panel runs to onboard sound. could anyone help me figure a way to run them using my soundcard??

thanks in advance
-Miffy
 

More replies
Answer Match 46.62%

Hi
I was looking in my BIOS at "pc health status" and it reports that my CPUfan is running at around 4500rpm yet my big blue case fan (8inch i think) is only running at 1900rpm

I downloaded "SANDRA" and got a mainboard readout ,and it said that one fan was running too slowly , and also that my mainboard was too hot (55C)
Yet my bios says my mobo is 33C

Also could it be that my case fan speed is controlled by the MOBO and it's running it slowly because everything is in fact relatively cool?
Or is my fan broken ?.....its only a few days old

Is there anyway to turn my fan speed up to make it run at full speed like my cpu fan

Hope I've explained all this properly, as I confused the hell outta myself writing it

thanks........................................................John
 

A:HELP...Bios saying that my 8inch case fan is running 1900rpm...

or maybe big fans run slower ? just a thought
 

6 more replies
Answer Match 46.2%

Hey everyone. I've read a lot about the whole google redirect virus (search results linking to some sort of advertisement in a new tab on firefox) but I can't seem to fix it. I also have the <user name>.exe virus which runs on my system at the startup and I can't end the process. For that matter, I can't end ANY processes that I want to - after I click it, nothing happens. Furthermore, my MalwareBytes and Spybot won't run either, despite how many times I click on it or how long I wait. I can't reinstall any programs either it seems. So yeah... I'm not even sure where to start with my slew of problems.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:51 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\Ati2evxx.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\LEXBCES.EXE
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\WINDOWS\NEW\system32\LEXPPS.EXE
C:\WINDOWS\NEW\system32\Ati2evxx.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\WINDOWS\NEW\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Le... Read more

A:Another case of Google redirecting + more..

bump + update -

I managed to get rid of some of the problems, but it seems that the google redirect problem is still there. Here is a copy of an updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:34 PM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\csrss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\Ati2evxx.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\LEXBCES.EXE
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\WINDOWS\NEW\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\Ati2evxx.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\WINDOWS\NEW\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier... Read more

1 more replies
Answer Match 45.78%

Hello,

I have seen and read a few of the other cases and I'm not sure of what to do. I'm guessing it would help more and cause less damage if I could get help specifically for the case on my computer.

I am running on Windows XP Professional Service Pack 3 and I am using Rogers Online Protection for my antivirus and firewall.
I have been infected with a "Windows Security alert" virus around 3 days ago and I believe I had it removed. At around the same time after the Windows Security Alert virus was removed, IE was not displaying web pages.

Once I got IE to display the pages again from reading some threads, the Google redirect problem started happening as well as the occasional new tab opening to a random website.

Thanks in advance

A:Yet another case of Google redirecting links

I'm not a pro (as in part of the malware removal team) at this but I had something similar happen to me today, it sounds like something to do with proxy servers....well anyway...

http://www.bleepingcomputer.com/virus-remo...ntispyware-soft

The part that says to go to Internet Options -> connections -> LAN settings -> Uncheck All

This stopped my Internet Explorer from redirecting (I use firefox, but seeing how the proxy was set up by malware, I assume the end result would have been a redirection to the malware's site), give that a try. If that doesn't work, wait for someone more experienced at this to give it a go.

8 more replies
Answer Match 45.78%

Hi all,

Long time-lurker here, really helpful site. *Coos*

My tech unsavvy uncle has shoved his laptop onto me telling me it's "broken". To my knowledge, the problem is that his browser (both IE and Firefox) redirect to other websites (mainly eBay). It seems this only happens via links and Google and manually entering a URL by-passes the problem. Malware Bytes, TDSSKiller, Adaware have been tried. I believe as well as ComboFix.

I've also had trouble doing a HiJackThis scan. I'm having problems saving the log file. ("No Internet Connection Available", even though it is.)

Any help or advice on how to proceed would be much appreciated.
Thank you.

A:The Curious Case of The Google Re-Direct

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

3 more replies
Answer Match 45.78%

Hi all, I've been getting conflicting reports as to what this is. Yesterday Chrome warned that a site I was trying to visit had suddenly become unsafe but a few minutes later the site loaded just fine. I then noticed that my google search results url had a LOT of extra parameters that I had never seen before. I set Chrome back to default settings. This is what the home page was set to: http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

I then scanned my computer, antivirus and spyware came back clean. But if I search for something I still get these strange urls. I did the same search at work and the url was just fine. Is this a case of me not having something set on my personal computer or am I infected with malware?
Image attached shows the url I get when I search from home vs when I search from work. I just did the search again and this is the url it gave me : http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN when I'm logged in.

I just logged out of gmail and now this is the result http://www.google.com/#hl=en&cp=6&g....,cf.osb&fp=21e6f9b0f7b4c3b3&biw=1366&bih=634 so if this is a new google chrome tracking thing....just let me know so I can eat my Thanksgiving meal in quiet shame...

Running Windows 7, computer is only 2 weeks old :-/
 

More replies
Answer Match 45.78%

I too am experiencing google links redirect to random sites, just like the DaddySouth who posted "Google links redirect to random websites, Requesting help fixing redirect problem". I've tried applying the instructions given to DaddySouth and I cannot fix this myself. So, I am hoping desperately that someone here at my bleepingcomputer.com can help me.

Please help!

Thank you,

vincamato

A:Another: Google links redirect to random websites, Requesting help fixing redirect problem [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

3 more replies
Answer Match 45.78%

As a preface to my problem I'd like to tell you I've been working with HP for two weeks now (my computer is a HP m9200 desktop) and I've yet to resolve the problem. I don't consider myself computer savvy but I know a little and the symptoms of my computer really don't make any sense to me. I've run every diagnostic available by hitting the "F" keys on startup those include processor, ram, hard drive, and networking. My computer passed every test even the extended tests but was still running very slow (slow meaning it took 30 minutes to start up or shut down and was extremely slow to process any action, even clicking the start menu).


So as HP and I were troubleshooting they decided a system restore would fix everything so we did. My computer was back to its original factory condition but was still not running right. Then randomly one day I tried to start it in safe mode and as it was starting up it randomly restarted itself in normal mode and ran perfectly for about 2 days before suffering from the same problems it had. I system restored it again to no avail and off and on it would work perfectly and then suddenly slow down to a grind. There was no association as far as I could tell with any one program making it do this, there were always different programs running it really seemed like a random thing. In all honesty I didn't know where to post this problem because I don't know how it could be malware if I've done a complete system restore but I also d... Read more

A:Curious case - New computer running very slow even after system restore.

I have the same problem! The EXACT same excruciating problem! It comes around every once in a while, like maybe weekly? I think we should collaborate and see what could be the problem.

2 more replies
Answer Match 45.36%

Two issues using both IE7 and Firefox3.0.4:
1. Google results redirecting via copy-book.com (can be seen connecting to copy-book.com via status bar)
2. Windows Update redirects to msn.com

------------------------------------------------------------

Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 3

16/12/2008 7:06:20 PM
mbam-log-2008-12-16 (19-06-20).txt

Scan type: Quick Scan
Objects scanned: 61572
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9d40769-8208-4e7a-936c-859fc057bd18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarant... Read more

A:Google Copy-book.com redirect & Windows Update redirect

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Thanks and again sorry for the delay.

First,

Download GMER Rootkit Scanner from here.
Extract the contents of the zipped file to the desktop.
Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Now click on the Scan button and wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.

Please note that rootkit scans often pro... Read more

1 more replies
Answer Match 45.36%

I have some sort of malware (could be more than one) that:

1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com.

2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a separate window popped up with a title something like "additional credit card information", and didn't appear secure (didn't have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything.

Recently have noticed when I open IE, it always tells me the last session closed unexpectedly; always "goto home page" but did try the other option once. It opened 4 pages I've never been to before and match the urls in: Recent topic

My DDS.txt:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 22:20:26.98 on Tue 10/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.132 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C... Read more

A:Google Search Result Redirect/CC Info Entry Redirect

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

25 more replies
Answer Match 45.36%

I am infected with a version of the Google Redirect malware problem:
- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. On two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:
- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

A:Infected with Google Redirect / Search Engine Redirect Malware

Hello, I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following:
- Log from Combofix
- Let me know of any problems you may have had
- How is the computer doing now?

Gringo

13 more replies
Answer Match 45.36%

This has been happening for some time but I haven't thought anything of it til now. Whenever I search google, when I click on a link I get redirected to a new page. More recently however, it will redirect me to a page saying this site is known for attacks and asks if I want to get out of there or ignore. I know this is obviously a fake but I have no idea why it is being directed to this. I have scanned with Norton and Spybot Search and Destroy to no avail. I also looked through some sites and it sounds like a problem that is best left to a professional. Please help.

A:Google Search Redirect and Fake Security Risk Redirect

Hi ZJ88 and welcome to Bleeping Computer.

Have you tried scanning with MBAM?

Let me have the reports from these 2 steps and then we'll take it from there.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the...

1 more replies
Answer Match 45.36%

I have some sort of malware (could be more than one) that: 1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com. 2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a separate window popped up with a title something like "additional credit card information", and didn't appear secure (didn't have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything

More replies
Answer Match 45.36%

Hello,

I am new here. I really hope to receive some assistance with this very annoying ordeal and learn how to prevent this in the future. I think I'm in the right place.

Just as with several others who have posted here, every time I click a link in Yahoo/Google search results I am redirected to another site. I have been dealing with this for several weeks now. I at first thought that something was wrong with the search engines, but soon realized that it was my computer. I have run scans using AVG and Ad-Aware, but nothing has helped.

I would greatly appreciate any assistance you all could provide. Enough is enough.

A:Yet Another Case - Google/Yahoo Redirection/ Moved

Hello,

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

What is your operating system: Windows XP, Vista, etc.?

What kinds of sites are you redirected to? Please do not post live links.

What browser or browsers are you using when the redirections occur?

Are you experiencing other issues besides the redirections? Please be as specific as possible.

Do you have other security programs installed besides AVG and Ad-Aware? If so, please name them. Also, is AVG the AntiVirus, a security suite, or an AntiSpyware?

Orange Blossom

15 more replies
Answer Match 44.94%

My computer, running Windows XP is infected with the Redirect Virus. Primarily, links in Google and other search tools are redirecting to unrelated sites. This is manifest in Firefox and Internet Explorer. I have also noticed an increase in popup ads, but that may be unrelated.

My Norton Anti-Virus does not detect anything wrong. I have attempted to remove virus with TDSS Killer, but that does not find anything on my system. Also, both Malwarebytes' Anti-Malware and Microsoft's Malicious Software Removal tool have failed as well.

I have also reset my router to factory settings, but that did not solve the problem either.

Thanks for taking the time to look into this.

DDS log is below:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Jeremy at 15:05:32.71 on Fri 02/18/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.445 [GMT -6:00]

AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*

...

A:Infected with Redirect Virus - Google links redirect

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Do not Attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
- Wait till the scanner has finished and then click File, Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning, it is ok, just ignore:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

Gringo

16 more replies
Answer Match 44.94%

When I perform a search in Google, and hover over any result, there is a sudden appearance of more results that are mostly unrelated to my search. It often takes several attempts to successfully click on the desired link. I am also getting many random search results on the right hand side of the screen that are unrelated to the search.
 
In addition, I am often being redirected from my intended site to some other site. Chrome is also performing considerably slower than has been its custom. Malwarebytes is consistently having to block potential threats as well. Not sure what the issue is. I appreciate any help. 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.13.2
Run by KedrickGarland at 19:53:20 on 2014-02-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1003 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
...

A:Google Search Redirect/Website Redirect Issues

Hello downwitk

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...

3 more replies
Answer Match 44.94%

I get redirected when doing a Google search or will just suddenly go to a page I didn't click on or type in.

Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:40 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
...

More replies
Answer Match 44.94%

As instructed in another post. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic409507.html ~ OB

Here are my Defogger, DDS and GMER logs

Defogger Log;
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:24 on 15/07/2011 (AEI)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

DDS log:
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by AEI at 20:26:42 on 2011-07-15
...

A:Internet redirect - possible google redirect?? Unable to remove

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap...

37 more replies
Answer Match 44.94%

When I perform a google search and hover over a result, there is a sudden appearance of search results that are unrelated to my search.  These unrelated search results also appear in abundance on the right side of the google search screen. 
 
Also, the screen jumps up and down as if I am hitting the page up/page down button as I attempt to click on a link. It often takes several attempts before I can successfully click on the link of the desired search result. 
 
I am also experiencing site redirection and a considerable decrease in browser performance (Chrome). I appreciate any and all help. Furthermore, malwarebytes is constantly having to block potentially harmful sites.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.13.2
Run by KedrickGarland at 19:53:20 on 2014-02-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1003 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
...

A:Google Search Redirect/Website Redirect Issues

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, downwitk

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
- Read the entire procedure
- It is important to perform ALL actions in sequence.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with me till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

24 more replies
Answer Match 44.52%

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat...

A:Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror

Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

19 more replies
Answer Match 44.52%

Hello:

I just bought a new laptop last week - it is a Sony Vaio with Windows 64-bit 7 Home Edition. I use google chrome for my browsing. I don't use my laptop for any other purpose than browsing. I seem to have been hit by the google redirect virus - I see the results5.google.com redirect page at the bottom of the browser; but when I click and hold the google results page link it sometimes takes me to the correct page - I simply cannot seem to fix it using any available free anti-virus software - I've tried Super Anti-Virus, AVG, CureIt, Stinger etc. Most of these are not available for Windows 64-bit it seems.

I see other threads on this forum but none of them referred to 64-bit Windows 7 and most of them had individual logs that folks have pasted. I also tried http://support.kaspersky.com/viruses/solutions?qid=208280684 to download TDSSKiller but it says it does not support 64-bit OS.

I am not at all savvy with computers so any help here will be greatly appreciated.

Hope to hear from you all

Thanks
 

A:Google Redirect Virus results5.google - novice computer user/new laptop

14 more replies
Answer Match 44.52%

Hi,

I was recently infected with the Windows Repair bug and fixed (maybe it's still there) it via one of the posts on the sites. So I'm thinking I might have had a couple of other infections that were dormant for a while or Malwarebytes or Symantec never noticed.

After fixing that, I noticed Google Chrome stopped working. When I started googling in Firefox and IE I noticed the page would redirect. And then the "Internet Explorer Script Error" with the URL pointing to apparent spam urls "http;//celebrity-gossip.net/ashley-tisdale..." as an example. So I updated and ran Malwarebytes AM, Symantec & Microsoft Defender to see what they would. Symantec found a bloodhound virus in an archived drive. And I cleaned whatever Malwarebytes found, forgot now since it's been 4 days.

I've tried the TDDSkiller.exe and that wouldn't launch. I tried renaming it too, but nothing.

I found another thread and tried cleaning with SuperAntiSpyware and Hitman.

I don't remember the correct order I've run these, but followed according to the threads, including safe mode, internet off, etc...

Anyways, any help is appreciated. Here is the log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mikael at 21:35:05.37 on Thu 04/07/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.902 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
===========...

A:Google Redirect & Internet Explorer Script Error & Google Chrome not working

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme...

more replies
Answer Match 44.52%

My poor PC is on the brink, whenever I select a link in google it redirects me to another website called 'bit-find' and sometimes ebay, I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck so I have created a new topic. Hopefully I have created this topic in the correct place this time, here are my logs, if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

A:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

2 more replies
Answer Match 44.52%

My wife's computer recently picked up several viruses. I ran a number of virus scanners, malware scanners, and utilities which seemed to find several infected files, but the problem still persists. When navigating to google, any links I click on automatically redirect to this server adwords.onlinesecuregroup.com and then send me off to some random page. I've attached the DDS and GMER logs, any help would be much appreciated, thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Una at 21:09:26.20 on Fri 06/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.140 [GMT -7:00]
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
...

A:Google redirect virus sends google links to adwords.onlinesecuregroup.com

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

17 more replies
Answer Match 44.52%

For a few days now, after getting one of those fake "antivirus" programs my Google Chrome browser is unable to open any pages. I can open them in IE and Firefox, but on those browsers any links I click typically get redirected to random advertisement websites rather than the page I'm trying to reach.

Any help would be greatly appreciated.

DDS (Ver_10-11-03.01) - NTFSx86
Run by Adam at 20:18:34.04 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1024 [GMT -4:00]
...

A:Google Chrome unable to open pages, Google Ads in other browsers redirect to advertisement sites

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

The Gmer scan shows possible TDSS issues. Please run TDSSKiller

Download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

Now click Start Scan.
If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
Click Close
Finally press Report and copy and paste the contents into your next reply. If you've rebooted ... Read more

12 more replies
Answer Match 44.52%

The google/yahoo redirect thing is the one where you click a search result and get sent off to some unrelated page. This only happens with google and yahoo, of course.
The one that has really got me is the one that keeps the page from loading. The browser says "waiting for www.google-analytics.com..." and never loads. It isn't all sites just some. Example: can go to any Youtube video but not to many of the channels. If I were to type "threadbanger.com" in the address bar, it would navigate there for a split second and then get hijacked to a blank page with the google-analytics.com message. Computing is no fun anymore.
When the search redirect virus showed up, I reformatted the hard drive and started over. It was still present the very first time I logged on to the web. I don't know what to do. It happens in both Firefox and explorer. Help.

Just a note: Analytics problem seems not to occur in Explorer 6.

A:Google/Yahoo redirect and google-analytics.com blank page

The virus may have changed the DNS settings on your router.

1 more replies
Answer Match 44.52%

Hi. I have recently had my google search results redirected. My google search results have the same description, but the web sites' names and locations have been changed. Some examples of the fake sites include "lowpriceshopper.com" and "toseeka.com". Many of the sites also change from search to search. After receiving fake search results, I can obtain the real results by hitting the search button a second time. I can also obtain the real search results (get rid of the hijack) by refreshing the page (not from cache).

I have tried to fix the problem by deleting cookies through firefox, but to no avail. Avast, Malwarebytes, and SuperAntiSpyware have not been able to find the problem.

I read here Google Web Search Help Forum that, regarding someone's similar problem, "Combofix removed it. I believe the offender was a trojan winmm64.dll"

Thanks,
Noah

DDS (Ver_09-07-30.01) - NTFSx86
Run by Noah at 11:41:31.76 on Mon 08/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1079 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090816-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS&... Read more

A:Google Hijack redirect to "d2d-conv-google.cn/t" winmm64.dll Trojan?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Answer Match 44.52%

Hey there. I've recently been having problems with Firefox/Google Chrome where my searches are being redirected to random sites when I click on the results. In addition the spellcheck function doesn't work if the searches are mistyped. I've tried several different programs with no success in fixing the matter. Among them are Dr. Web Cure it. As well as Malwarebytes which caused my computer to crash both times I tried using when it reached a file called zipfldr.dll

I've looked around at a couple sites but as nothing seems to be working I thought I'd give this a try. Any help would be appreciated, and it only seems to be affecting Firefox, and Chrome. Oh, and in addition to the redirect it's highlighting random phrases within the webpage with something called Clicksor, as well as the redirects going through something called 123bounce.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14 AM, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Creative\USB Headsets... Read more

A:Google Searches being redirected in Firefox/Chrome. Google Redirect?

You have a DNS hijacker.

Disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm
Try updating and running Malwarebytes again.
 

1 more replies
Answer Match 44.1%

Hello. I've been having issues with some trojans and malware and whatnot on my computer. It started when my computer began running slowly, then I got Antivirus Soft. I used Malwarebytes to get rid of it, but it seems another version of it (which runs as "ave.exe") has popped up. Malwarebytes, a system restore flush, and CCleaner slim seems to have rid me of this problem, but ya never know with these things, and I'd rather be safe than sorry.

Also, around the same time, I began noticing all my google links redirect themselves. I use FireFox and Chrome, and apparently this only affects Firefox. Sometimes, it will show the normal URL in green under the google description, but sometimes it shows a fake URL, the most common of which is "Ave99.com", which makes me wonder if they're related. Here's a screen shot of what it looks like when the URL is fake (searched for "I'm doing a google search"):

ALSO, I've been having a problem with logging into PayPal. When I went to log in, it redirected to a https which asked for my name, address, SSN, ATM PIN, etc. Obviously I didn't fill any of it out and left the page immediately. Here's what that looks like:

I've run Spybot, but that doesn't bring any problems up. I also use Avira, which has caught a few trojans named "Cosmu.mjj", "FakeRean.A.473" (also with other numbers at the end), "PCK.Katusha.J.431" (also with other numbers at the end), and... Read more

A:Several problems... ave.exe / google redirect / paypal redirect

UPDATE:
ave.exe returned, and I'm pretty sure it has something to do with the google redirect. I was using Firefox to search for something and without thinking, clicked a link for wikipedia. It redirected me to a page with a strange symbol on it. I didn't get to screen shot it, or see the whole url, but it started with "bengaltigerrose.com". I didn't get to see the whole thing or screen shot it because Firefox closed immediately, and the fake antivirus screens popped up.

1 more replies
Answer Match 44.1%

About a week ago, my searches on google began redirecting me to random sites that looked like other search engines or other sites that were totally unrelated to my real search. Shortly after, my computer got another virus that kept popping fake antivirus warnings up. I was able to remove that fake antivirus problem as it has happened several times in the past. I used malwarebytes to remove that antivirus program virus. After the malwarebytes fix, however, google and yahoo were still redirecting me to random sites. That problem won't go away. I tried finding a solution by googling the problem with a different computer and I was led to a site that asked me to download combofix. I did download combofix, but I had no idea how to use it and I don't think it ran correctly. I think I need help using combofix correctly or downloading a better version of the program. I have Windows XP. I've had several viruses over the years and malwarebytes usually corrects the problem. This google and yahoo redirect issue is nasty. I'd appreciate any professional help.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:32:10 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1529 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k Dc... Read more

A:Google redirect and other search engines redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

18 more replies
Answer Match 44.1%

Every search engine redirects me to various search sites, spyware removal sites, online scanners, coupon sites, etc... Have read forums with other people dealing with the same problem, followed the instructions given to them, but still have the problem. Have run SuperantiSpyware, Malwarebytes, Spybot, Ad-aware, Ccleaner, ATF cleaner, and my mcafee virus scan - still have the problem. Would greatly appreciate someone's expertise for my situation. Tremendous thanks. Log posted below:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Anthony West at 11:06:44.48 on Tue 08/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.510 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctf... Read more

A:Google Redirect (all search engines redirect)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Answer Match 44.1%

I have run TDSSKiller, Malwarebytes, Sophos, Super antispyware, and my McAfee AV. All new scans have come back clean, but I still have some redirects. When I first noticed the issues, I ran Malwarebytes and it found and supposedly cleaned Trojan.Medfos. DDS log attached.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Robert at 12:39:41 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.8788 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system3... Read more

A:Google redirect virus (does not redirect all links, only some)

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t... Read more

20 more replies
Answer Match 44.1%

So I take it I'm not the only one with this problem? >:

I go to search for something on Google, and within the first couple of links I click redirect me to a fake browsing system called Happili, or something of the like. Also my virus protection has been popping flags left and right about Trojans something along the lines of: "...Local\Temp\0.8967750632949711.exe" etc.

I'm running on a Windows 7, Dell Latitude D830
Browser: Firefox
Antivirus: AVG and Malwarebytes

any help you could offer would be more than appreciated. :3
Hijackthis Report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:17:24 PM, on 4/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nara\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize... Read more

A:Google Redirect Trojan >: (Happili redirect)

By the way, I don't know why avg still had a pop up for AV and SP. :\ I did a complete uninstall of the program as well as ran the avg_remover for the 32 bit version. Because of which I still have avg9 and avg 10 in my program files but all the actual files are empty, and it looks like the only files it kept was the 'avg safe search' task bar for Chrome and Firefox. I could not find any copies of the actual program to use the temp. disabling process for running ComboFix, and it looks like for the most part that the process was able to complete alright. *shrug*
 

10 more replies
Answer Match 44.1%

I have been having redirect problems for over a month now, sometimes it is a redirect as soon as I click a link, sometimes it is after 5 or 10 seconds after arriving on a new page while I am trying to read it.

I am currently running Windows 7 pro.

I was having problems with the redirects and tried a reformat with no help to the problem.

I suspect a possible rootkit, but I cannot find it or fix it.

Thanks for any help.

AVG does not show anything
TDSSkiller does not show anything
Windows defender does not show anything
superantispyware doesn't show anything
MBAM does not show anything but it will not update giving a MBAM_ERROR_UPDATEING (12007,0,winhttpsendrequest) error.

GMER and DDS files attached

DDS (Ver_10-10-10.03) - NTFSx86
Run by oem at 0:04:11.63 on Sun 10/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.3326.2188 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\Sys... Read more

A:google redirect/firefox redirect problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

33 more replies
Answer Match 44.1%

This started last night after java (or supposedly java, anyway) asked to update. I haven't used my laptop in a while, so it seemed like it needed an update. After allowing it, every link I clicked on google redirected. Links that I click anywhere tend to redirect, but it has a 100% occurrence with google links and only a partial occurrence with links from other websites, like this one.
I ran AVG, and that found nothing. Microsoft's malware removal tool found a trojan (didn't write down the name, sorry. I would know it to read it, though.) and said it was partially removed, and recommended microsoft security essentials. I installed & ran microsoft security essentials, which found two more trojans, some malware, and adware (but again, I didn't write the names down, thinking that would be the end of it...) and said those were completely healed. But there are still these redirects. I tried Malware bytes, which also removed a couple trojans and some malware. Still getting redirects.

So then I came here and followed these steps.
Here are the logs:

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Rachel at 17:11:41 on 2011-09-03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1694 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG... Read more

A:Google redirect (link redirect in general)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

16 more replies
Answer Match 44.1%

My PC is a bit messed up. If I could get some help that would be great. I tried Malwarebytes but didn't remove it. I get redirected randomly to a web site that pretends to scan my pc then tells me to download security tool. Also when I go to google sometimes when I select a link it redirects me to a random site.

Here is the DDS.txt file and I attached ARK.txt and Attach.txt files.

Thanks in advance

DDS (Ver_10-03-17.01) - NTFSx86
Run by mbernard at 15:33:03.48 on Fri 10/01/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.227 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Pro... Read more

A:Security Tool Redirect and Google Redirect

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

2 more replies
Answer Match 44.1%

Ok, I'm relatively new here. I've tried to follow the rules, but I apparently keep posting in the wrong areas. The following are my logs from DDS and Combofix (I know I wasn't supposed to run combofix on my own, and I ran it before I ran DDS). I also ran hijack this, that log is at the bottom. GMER cannot be run on my machine as I am running Windows 7 64bit. I've tried a lot of things before resorting to bleeping computer, too numerous to list at this point. I would consider myself an above average user, and I am generally able to get rid of viruses on my own. This is different, I have an idea about what's going on, but realize it's beyond my current level of expertise. Thanks in advance for your help.
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Marriott at 1:31:18.10 on Fri 12/24/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1056 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe... Read more

A:Google Redirect in IE and Yahoo Redirect in Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

29 more replies
Answer Match 44.1%

I used to use Google Chrome, but there was an incident that involved my computer rebooting itself and it doesn't load anymore. That was earlier tonight, now I'm using Firefox and I've gotten the Google redirect virus. Hitman Pro said there was a hidden version of the alureon virus on my hard disk. Here are some logs.

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:...

A:Google redirect on Firefox, Google Chrome not loading

Hi colinberan, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.

2 more replies
Answer Match 44.1%

Whenever I perform a Google search and click on a link I'm redirected to ad sites. Sometimes the address bar will popup with one and then will redirect again to a different ad site. I haven't noticed any pattern in the redirection or to any specific sites. Obviously I have no idea how to fix it. I've tried reinstalling the browsers and running anti-spyware: Spybot, Malwarebytes, Spydoctor - though I'm too cheap to actually pay for the program, restarting the computer. It hasn't gone away. Thank you in advance for your help. I've included and attached the requested information.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Laura S at 17:16:25.43 on Fri 01/15/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.65 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:...

A:Google redirect virus in Firefox, Google Chrome

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

27 more replies
Answer Match 44.1%

My malware seems to prevent posting as well. If I get this to post at ALL I will be back in with updated logs including the dds log and another gmer attempt.

Hi. I tried not to post. By reading your guides and using your tools I attempted to resolve the issue. Looks like I need your help. I'm sorry to use your time, I really appreciate the help! I have backed up my registry with ERUNT. I created a new restore point. I ran avg and tfc (reboot included). I used GooredFix. I used TDSSKiller. At this point I was bluescreened to death, even in safe mode. I opted to "boot w/ last good configuration". I repeated above adding in OTL and GMER, using TDSSKiller last... same thing, death even in safe mode. At this point I have rebooted, run ERUNT, created new restore point, run TFC, run MBAM (nothing found), run AVG (nothing detected), run OTL. At this point GMER causes system failure. I'll keep trying and get a GMER log just as soon as I can. Thanks! I'm adding the logs below.

My most recent actions: retried tdsskiller. It attempted to reboot, reboot failed. Manual reboot attempted, failed. Manual reboot into safe mode failed. Manual reboot to last good configuration. Ran a mcafee removal tool, created a new sys restore point, ran ERUNT, ran TFC w/ reboot. After reboot, new system restore point (redundant, but this point has mcafee completely cleared), reran ERUNT, ran mbam (newest log is the one I'll include here) then ran OTL and saved log (no extras log thi...

A:google redirect virus, google chrome disabled as well

ok, I tried a few more things (systemlook, gmer scan w/ sections only, look.bat). I did NOT dl TDLfix.exe as AVG shield gives a warning saying it is infected w/ a trojan. I will now post the systemlook log, gmer log, and mbr (look.bat) log. Then I will sit VERRRRRY quietly, and not download or scan another thing until I am told to do so. I promise to follow directions carefully and otherwise to *not* mess with the system and your process. (posting logs, ducking and running to hide before I get thwacked for the extra logs etc)

SystemLook log

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:50 on 21/06/2010 by Pat (Administrator - Elevation successful)

========== filefind ==========

Searching for "kbdhid.*"
C:\I386\KBDHID.SY_ --a--- 7901 bytes [20:28 25/04/2008] [12:00 14/04/2008] 79B4724B01DBC3A685CC0727D20FB7E1
C:\WINDOWS\system32\drivers\kbdhid.sys --a--- 14592 bytes [00:09 14/04/2008] [12:00 14/04/2008] 9EF487A186DEA361AA06913A75B3FA99

-=End Of File=-

GMER file

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 22:01:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pat\LOCALS~1\Temp\fxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\compbatt.sys entry point in ".rsrc" section [0xF78D3214]
init C:\WINDOWS\system32\Drivers\OA012Afx.sys ...

19 more replies
Answer Match 44.1%

This week, my google search results have become clickjacked. When I use FF3 (but not Chrome), every result I click is redirected via WindowsClick.com to a spammy search site. Also, I get that error message that ViewMgr.exe and Google Installer have failed. I've seen both of these issues going around, but have been unable to fix. HJT log is below, please let me know if I can provide any more info.

Thank you very much,
Jim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:28 AM, on 3/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless&...

A:WindowsClick.com Redirect on Google, ViewMgr & Google Installer

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...

2 more replies
Answer Match 44.1%

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
When finished, it will produce a report for you.

Please include the following in your next post:
ComboFix log

A:Google links redirect to go.google spam sites

Note: although it says that AntiVir Desktop is Enabled, I have made sure to uninstall and delete the program, I am not sure why it says it's still there, it doesn't show up on my task bar or my processes and I even made sure to delete the file from my programs folder.

ComboFix 12-01-28.01 - Brian 01/28/2012 8:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2014 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Local\dplaysvr.exe
c:\users\Brian\AppData\Local\dplayx.dll
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\qyfcilsl.default\searchplugins\bing-zugo.xml
c:\users\Brian\AppData\Roaming\vso_ts_preview.xml
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011...

13 more replies
Answer Match 44.1%

As per a few other posts, for no obvious reason the google installer error message pops up very regularly, links from google searches take me elsewhere, system restore won't work, screen freezes & the missus is ready to kill me (she blames me for it).
Hope you can be of assistance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:59 PM, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Pro...

A:Google Redirect, Google Installer Shut down & Freezing

it's starting to get very annoying, any ideas please
 

1 more replies
Answer Match 44.1%

I've been having problems with google installer errors popping up every 10 minutes or so, also I'm being redirected to a random site every time I click a google search result link.

Rootrepeal isn't working, every time I try to open it an error pops up and says "Could not read the boot sector. Try adjusting the Disk Access level in the options dialog."

Here is my DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 0:43:58.14 on Thu 09/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1214.187 [GMT -4:00]

AV: Trend Micro AntiVirus - Virus Protection *On-access scanning disabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1...

A:Google Installer error and google redirect problems

Hello Ch2is,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these: Trend Micro AntiVirus or AVG Anti-Virus Free. Let me know when you have removed one of them, and which one you removed.

*********************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Please download Java Version 6 Update 16
Click the "Free Java Download" button.
Click "Free Java Download" again
Save the file jxpiinstall.exe to your desktop
Close any programs you may have running - especially your web br...

16 more replies
Answer Match 44.1%

Hello everyone!

Today I want to share with you another good extension, which:



Immediately after performing a search on Google, if one mouse-overs one of the results, one will see the true URL of the link. However, mousedown adds an ugly Google redirect to the URL. This add-on prevents that from happening.

Information about the extension:



When we perform a Google search for someone else and find something useful, we often want to right-click the link directly in the search results and copy the link. Unfortunately, the link we will actually get is a huge URL with a Google prefix, rather than the original URL.

Google uses this redirect for tracking, which may be reasonable, but makes it very inconvenient to copy out links.

This add-on disables the Javascript function that Google uses to create the redirect link, leaving the user with fresh, crisp links.

Note that the implication of this technique is that it will only work on Google sites where the redirect link is generated client-side. In particular, it does not work on Google Images, where the redirect link is generated server-side.


LINK: Remove Google Redirect in Google Search Results

This extension is available for Mozilla Firefox and Firefox-based browsers.
 

A:Remove Google Redirect in Google Search Results

Ah, most people might not know, but an extension is available in Chrome too. Always ran it since 2013 because the long links were a pain!

Here's the extension:


And here is the screenshot of my Chrome (see at the very bottom, screen capture didn't capture cursor but first link was hovered)

 

1 more replies