Over 1 million tech questions and answers.

Occasional Random Popups and Google Redirects

Q: Occasional Random Popups and Google Redirects

Hello i have currently experienced this problem and i don't know how to stop it. What happens is sometimes when i am on firefox a random popup comes up. It is not very often but it happens on websites like Google and websites i know that dont have popups. This problems also arose with the popups at the same time and that is sometimes i click a google link it redirects me to a random page. Some of these pages are free malware removal, shopping websites, and sometimes even yellow pages come up. I have experienced this for 2 days and have tried Super AntiSpyware and Malwarebytes with both saying i have no infections. I would appreciate any help as this is starting to irritate me.

RELEVANCY SCORE 200
Preferred Solution: Occasional Random Popups and Google Redirects

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Occasional Random Popups and Google Redirects

Can you post the logs from the scans performed with Malwarebytes and Super Anti-Spyware?

Read other 2 answers
RELEVANCY SCORE 83.2

For the last few weeks I have not been able to access classic google on firefox. Setting my homepage to http://www.google.com results in a "404 Not Found" page with "nginx" at the bottom. When I attempted to google the issue (using Google SSL) through firefox, certain links would redirect me to the Google SSL homepage. When using internet explorer 64 bit, I can access google, but I am often redirected to Google in a random language. I have uninstalled firefox and all addons multiple times but it has had no effect. I've downloaded Antimalware bytes, avast, and AVG which resulted in the removal of some viruses, but I can only assume not all. I've been following this guide thusfar http://www.bleepingcomputer.com/forums/topic34773.html . When I installed gmer, I wasn't able to deselect certain options, as most were grayed out, but I still scanned my computer and uploaded the log. 'g.png' that I've uploaded shows what I mean. Any help would be greatly appreciated.

A:Google Redirects to Google SSL, Random Popups, Can't access classic google

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 13 answers
RELEVANCY SCORE 82.4

A bunch of things are happening to my computer. My google is in german (everytime i change it it goes back to german), my google results redirect to ad sites, system defender is on my computer, and i a lot of random popups-__- please help!

DDS.txt
DDS (Ver_09-10-26.01) - NTFSx86
Run by Rainier at 22:14:54.51 on Sat 11/14/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.358 [GMT -8:00]

AV: System Defender *On-access scanning enabled* (Updated) {E35FD632-393B-4606-8E81-700B1355BD57}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: System Defender *enabled* {A5249CBB-A25F-4263-A814-62DFDB1C02B5}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Windows\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.ex... Read more

A:Google Redirects, Google is in german, random popups, system defender

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 81.6

Alright so I'm have several problems on my windows vista computer. When I click on Google links, it redirects me to sour.com. I currently have Avast, Malwarebytes, and SUPERAntiSpyware on my computer. All three of them are free additions. Avast will randomly pop up telling me it has blocked access to a harmful website when I'm not even on the internet. Avast will also move a virus called ha81naoo0o0_com[1].htm to the virus chest. In the last 12 hours I have had over 20 of these virus moved to the chest. The orginal location is C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4HMM0QO After the IE5\ it often differs however D4HMM0QO appears to be one of the most common.I run scans everyday, but SuperAntiSpyware is the only one that finds anything now. It generally finds about 100 tracking cookies everyday. Occasionally my computer will crash, it ethier says windows has detected some unknown error or memory management causing it to shutdown. Also 3 times when I came back to a windows pop up telling me an unauthorized change was made to windows and when i clicked tell me more it would send me to Microsoft site telling me to buy the newest version of windows. If I clicked cancel or exit, It would log me out. When I would log back in the same pop up would occur and the only way to get out of the cycle was restarting the computer. Also once msievec.exe lo... Read more

A:google redirects, random popups...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 19 answers
RELEVANCY SCORE 81.6

I had the VirusSoft infection recently and thought I got it cleaned up, but have noticed that I'm getting redirects from Google searches, and the occasional random popup. Just recently I've noticed that some services are failing to start - Themes, DHCP, server, etc.AVG, MalwareBytes, SpyBot & Windows Defender all returning nothing.Since starting to run the info collection process, and failing numerous times to get GMER to run and having to kill power to the machine, it's started to produce a Windows popup during startup with now readable text. Apparently it's occuring before the Clipboard starts, as I can't get a screen shot of it.Thanks in advance for any help. It's starting to get annoying.Anyway here's the logs.DDS (Ver_10-03-17.01) - NTFSx86 Run by admin at 20:15:39.17 on Fri 28/05/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.361 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\Program Files\VMware\VMware Tools\vmacthlp.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Pr... Read more

A:Google redirects & random popups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable ... Read more

Read other 15 answers
RELEVANCY SCORE 81.6

Hello,I've picked up something bad from the internet in the last few days much to my chagrin. It will occasionally pops up new windows while I am browsing normally and when using Google it will redirect results (generally when the words "spyware" and "removal" were part of the search; however, it doesn't seem to affect it when the URL is copy pasted). Initially whatever I picked up had prevented the computer from even being restarted - it had affected the ntoskrnl.exe that is part of the OS and the sptd.sys (which I believe is part of DAEMON Tools) causing the system to bluescreen. I replaced the ntoskrnl.exe with a copy from a clean computer and deleted the sptd.sys and was then able to boot to Windows again. Now I just need to get rid of the leftovers.I have run antivirus (NOD32) and Spybot but the problem still persists. Thank you in advance for any help you can offer. I have disabled emulation using DeFogger as was recommended in the preparation post. I've run both DDS and GMER and here are the logs:DDS LOG:DDS (Ver_09-12-01.01) - NTFSx86 Run by S at 19:17:42.06 on Mon 02/22/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1219 [GMT -8:00]AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS&#... Read more

A:Random popups and google redirects

Good evening. Can you tell me what NOD32 FiX is in your "installed programs" list?

Read other 3 answers
RELEVANCY SCORE 79.6

This computer is at a remote office that is only used 2 days a week. Last Thursday I started the computer up and the windows xp theme was not there, it was the classic windows theme and the xp theme was not selectable. I also started getting redirected when clicking on google links and the windows debugger keeps popping up and crashing. I have run AVG, adaware, spybot S&D and nothing has been successful. I can correct the xp them problem by manually restarting the theme service (which is set to automatic) and the debugger problem by disabling it in internet options; but these problems come back if I restart the computer. I have tried everything I know to do and need some help! Thanks in advance.Note: This computer connects to a server for scheduling appointments (will be either TIMS, audiology, or NOAH)HJT log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:47:48 AM, on 6/3/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exe... Read more

A:Google redirects, random popups, windows debugger

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

Read other 2 answers
RELEVANCY SCORE 79.6

I was given this computer a couple years ago. It has always had its problems, but recently Google has been getting re-directed more and more, and now new Firefox windows will randomly pop up when no action is taken. On top of that, occasionally a svchost.exe will hog resources to the point that even the mouse becomes slow. Killing the process will temporarily alleviate the problem. Also for some reason my task bar will randomly re-size itself without warning.

There are several orphaned start-up programs in msconfig that don't necessarily seem to lead anywhere, but won't disappear. As an added, sexy bonus there is an extra Windows XP installed on another partition from a service tech's earlier attempts to revive my computer from an earlier, fatal crash (partially related to a problem with the power supply, which has since been replaced). I can't tell if it props up the normal Windows installation, adds to the bugginess, or does nothing at all. Removing this version of Windows (or at least the option to select it over my preferred installation), getting rid of the old startup programs and eliminating other, unnecessary running programs would be awesome if anyone would have time, but killing off the infection alone would make me happy. Thank you for your help!

Below are the DDS file and GMER thingie.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 0:17:45 on 2011-06-29
Microsoft Wi... Read more

A:Google redirects, random popups, and MASSIVE slowdowns

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 44 answers
RELEVANCY SCORE 79.6

A few weeks ago, my PC became infected with a virus called AntivirusSoft. I used MalwareBytes to remove most of it and followed the instructions on http://www.2-spyware.com/remove-antispyware-soft.html to remove it fully, or so I thought. Soon after removing it, My computer has still been acting strange. While browsing the internet (Firefox 3.6.3), new tabs will randomly open and take me to sites that are usually advertisements. When I try to click a link on Google, usually I am redirected to one of the aforementioned sites. Also, after my PC has been running for a while, I become disconnected from the Internet, I am not able to execute programs, and sometimes the desktop disappears completely, leaving just my wallpaper.Here is my DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by Ben at 23:41:07.70 on Thu 06/10/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1149 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Common Files\Java\Java Update\jusche... Read more

A:Random popups/Google link redirects (might be AntivirusSoft)

GreetingsOne or more of the identified infections is a Backdoor Trojan. - TDSS rootkitThis could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:... Read more

Read other 5 answers
RELEVANCY SCORE 79.6

Hey everyone. I'm a fairly experienced PC user running both anti-virus and firewall software, and I've always been able to handle infections, but this time it's different.

The other day I tried searching for help in Diablo II on Google, and after clicking on several sites and finding that they were all fake/ad sites, I began to receive AVG, ZoneAlarm and Windows Defender alerts. I immediately ran the usual barrage of scans in safe mode (CCleaner, MBAM, SUPERAntiSpyware, AVG, Windows Defender), which discovered and eradicated over 20 issues all together that weren't there before.

None of that resolved the problem. My Google searches get redirected, random ads will pop up in a new tab (Firefox), and I still get alerts from my security programs; I've since performed daily scans (like above) and every time they find another infected program on my PC. I also can't seem to update Windows (XP, Service pack 3); whenever I try, IE says it can't connect to http://windowsupdate.microsoft.com/ (Firefox can't reach it either). I can't even hibernate my PC anymore for some reason. And just now, when I finished writing this up and tried to submit it, I got a "connection was reset" error in FireFox, though my internet is running fine and I can access any other page on the site; this is the same error I get when trying to update Windows (I've tried submitting numerous times, finally I had to submit on a separate computer).

I was ... Read more

A:Google redirects, random ads/popups, reocurring infecions...

Read other 10 answers
RELEVANCY SCORE 79.6

MSIE Version 8.0.6001.18702Build 86001My "XP Home" IE8 based computer is suffering from random redirects from google links and popups. The behaviour is very similar to that described here:http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller."Google search result links will be redirected to unrelated sites. When you search through Google and click on one of the search results, instead of going to the correct page you will instead be redirected to an advertisement." Quite often the redirects and popups are to "epoclick" and "google-analytics" which may or may not be legit.I do not see the other behaviour typical of TDSS, like the inability to run certain programmes or AV products.I have run TDSSKiller from the Kaspersky website as advised in the above self-help article. No infection was found, although I removed 1 "suspicious item" which it discovered. I have also run Antimalwarebytes (nothing found), Avast antivirus (nothing found) and Spybot S&D (nothing found). I ran HiJackThis and used an online analyzer to "fix" a couple of suspect IP addresses, but nothing immediately obvious was flagged. Unfortunately I must confess I have also run CombiFix before I saw the warning on this website not to do so. During this process I installed Microsoft Recovery Console.None of the above has cured the google redirects and random popups.I have followed the Preparation Guide and ... Read more

A:Google redirects / Random popups / like TDSS infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the ... Read more

Read other 18 answers
RELEVANCY SCORE 79.6

Hi,

I am fixing my sister in law's PC, and typically MBAM will take care of most problems she's had but this latest one or combination of malware/virus has persisted. I do have an MBAM log which I can attach upon request. Any google search gets redirected when it is clicked on in IE, and IE will freeze after about 5-10 minutes, Google Chrome will not even load a page at all. There are also random pop ups to sites like "petside.com" or "addedsuccess.com". The computer seems slower, and one of the svchost.exe processes seems to be using an inordinate amount of memory/CPU resources. TDSSKiller did not find anything, I ran it after running MBAM. Also, when attempting to run Super Anti Spyware the desktop will disappear and I am not able to get back to it though if I ctrl+alt+del I can see it briefly still running before I am locked out again. If there is anything else I need to post let me know. Thank you for your help.

Windows XP Home SP3.

A:google redirects, random popups, and system slowdown

TDSSKiller has been updated. Delete your existing version and follow these insrctions.Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.
Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.Any objects found, will show in the Scan results - Select action for found objects and offer three options.If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.A log file named TDSSKiller_version_date_time_log.txt will be created and ... Read more

Read other 7 answers
RELEVANCY SCORE 78.8

Greetings,First off, thanks for any assistance you can provide. The situation has been worse before I make this post, but I've managed to kill most of the infection through other help sites. The problem that has been getting me is what came with the malware- a rootkit, as far as I can tell. MBAM and AVG both don't seem to detect any problems, but GMER detects problems with atapi.sys. I've already tried to fix it by using recovery console and a spare copy of atapi.sys, but as far as I can tell, it hasn't done a thing.The source of the original infection was ave.exe. As far as I can tell, it's been taken care of, but the rootkit might be preventing me from cleaning up any remnants.Symptoms (from what I've experienced already) are redirects from google, random new tabs leading to ad sites when firefox is up, and iexplorer occasionally popping up by itself (hasn't happened lately, though). In the beginning of this fiasco, pages have been closing by themselves for no foreseeable reason. Before that, due to the remnants of a previous infection, my address bar in explorer windows will reset after typing for a couple seconds and my computer won't go into standby or hibernate.Combofix had been run to clear the original infection, and when I discovered the rootkit and replaced atapi.sys with a clean copy, I ran it again and it deleted some stuff, but the symptoms persist. I'll attach the last log I got from it with my other stuff, if it helps. TDSS K... Read more

A:Google redirects, problematic atapi.sys, random iexplorer.exe popups

Hello plainoldconnor Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.I need for you to perform the following:Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run... Read more

Read other 13 answers
RELEVANCY SCORE 78.8

Hello, i am having an issue with random IE popups which seem to go several different places and even pop up when i am not connected to the network, giving me an empty IE window, also extra tabs in Mozilla Firefox will open to Microsoft file association page for PDF's. Another problem is when i click any link from google about 80% of the clicks result in a few unwanted redirects (a real estate website a recording artist website and an air pellet gun website)


as for the 2 log utilities i was asked to post, i get an error from DDS

"not enough main memory to complete the sort"

and as for GMER i get the encountered an error must close window


i am sort of at a loss here as to what i should do, i thought that the b.exe problem i had was the cause of this but i have eradicated that issue, and this one still persists.


Thanks to anyone who can help,

Duckbitesman.

A:Random IE popups/ Google redirects - can't post requested logs

Hello and welcome to TSF

Let's try to get a GMER log. You must have extracted gmer.exe to your desktop for this to work.

Open Notepad and copy/paste the text in the quotebox below into Notepad:


Quote:




@echo off
copy /y gmer.exe omer.exe
start omer




Save this as run.bat Choose to "Save type as - All Files" next to gmer.exe
It should look like this:
Double-click run.bat & allow it to run.

Then, use these settings to produce a log.
If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

===========
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.... Read more

Read other 2 answers
RELEVANCY SCORE 77.6

Hello,

Yep, I have been nabbed by that pesky popup (sponsored ads) in the bottom right hand corner of my desktop. A lot of times it looks like a iPhone, but mostly it takes on various shapes and sizes. I used to get redirects as well, but those seem to have faded since running Spybot. Any help is appreciated!

Thanks, Casey

A:Popups on bottom right with occasional redirects

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 5 answers
RELEVANCY SCORE 73.2

I use the word "Occasional", because it's not for ~all~ links, but always the same ones. The Trojan installed an Ask.com toolbar, and insists on disabling Windows Firewall / making Internet Explorer my default browser. Also noticed that one of the svchost programs (the one dealing with internet, apparently) is taking up far more memory than it usually does.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_16
Run by Kajiri at 13:56:40 on 2011-06-19
AV: Windows Live OneCare *Enabled/Outdated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
SP: Windows Live OneCare *Enabled/Outdated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Windows Live OneCare *Enabled* {1657CA8E-791E-CC1E-4983-A73F78676162}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\... Read more

A:Tracur & Occasional Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 14 answers
RELEVANCY SCORE 72.8

I started getting some random link redirects in the latest Firefox (with Adblock Plus and NoScript) and Opera browsers to sites like "askthecrew.net" as well as others which I cannot recall. It's occasional and doesn't seem to be website specific. I'm not sure if it's related but not long after noticing the redirects my Windows User Account control settings were reset from never notify to default. I had NOD32 version 4 installed and ran a scan which found malicious java files in the temporary folder. I uninstalled NOD32 and installed the latest version of Kaspersky Internet Security, yet some time later I started getting the same occasional redirects with no malicious files detected in a scan but with at least some of the malicious links blocked by Kaspersky. As an example some of the links appear as xx.xxx.xxx.xxx.com/favicon.ico.

I have run Malwarebytes, TDSSkiller, TFC, aswMBR, and few of the online scan tools with no results.

A:Occasional link redirects to random sites such as "askthecrew.net"

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwar... Read more

Read other 15 answers
RELEVANCY SCORE 72.4

Please disregard, sorry.  I got through it on my own, eventually.  This thread can be closed or deleted  (I'd do it, but can't figure out how.)
 
Windows XP machine, running IE8. 
 
I started noticing when entering a Google search in the search box in the upper right corner of IE8, the window immediately closes.  I can search Google by going to www.google.com, but sometimes that results in redirects. 
 
IE8 also closes randomly during other, non-Google activity.
 
I use Symantec Endpoint Protection for A/V (corporate-installed) and the "green dot" on the shield in the tray icon no longer shows up -- just the shield with no dot.  (Presumably SEP is partially disabled.)
 
I have run Malwarebytes Anti-Rootkit - it removed four items - 1 dll file and 3 registry entries, but I still have the issues described above.
I ran Malwarebyes Anti-Malware - it found no threats.
I ran TDSSKiller.exe - it removed one threat, but yet I still have the issues.
 
Any advice on what to try next would be greatly appreciated!

A:IE closes intermittently, occasional Google redirects

Closed per your request.

Read other 1 answers
RELEVANCY SCORE 72.4

In the "Am I infected with a redirect virus/trojan?" forum, I posted about how i found myself redirected to 62.122.74.109 when I clicked on a yahoo search result. BoopMe has been looking into this for me and after looking at some logs determined that I should move to this forum.

The link to that discussion is here:

http://www.bleepingcomputer.com/forums/topic431206.html/page__st__15__p__2508586#entry2508586

Boopme asked me for a dds.txt log and also gmer. The gmer was taking forever to run. It did finish overnight. I have included it below. I'm sending the dds.txt via private msg to boopme. I hate posting it here because it (like one of the other logs earlier) shows how much of a mess my computer is and how much junk on it I haven't cleaned up. I'm embarrassed!

Here is the gmer.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-15 06:36:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001D
Running: gmer.exe; Driver: C:\DOCUME~1\regina\LOCALS~1\Temp\uxlyqpod.sys
---- System - GMER 1.0.15 ----

SSDT 8694F440 ZwAlertResumeThread
SSDT 867999F0 ZwAlertThread
SSDT 86F27A70 ... Read more

A:occasional strange yahoo/google redirects

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432696 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 71.6

Hello,

Like many others, it seems, I am experiencing difficulties with all searches on Firefox and IE being redirected to advertisement sites. Also, every so often a new tab will randomly open to an advertisement site.

Additionally, I have experienced the error message "Host process for windows services stopped working and was closed" about a dozen times. After this happens, Windows Media Player will stop showing the time countdown for songs and videos, and Firefox windows will look more like a Windows 95 window (hard to explain, but the smooth looking display common to Vista seems to be replaced by a more rigid display in the window).

All of this started happening yesterday. First, I experienced non-stop warnings from Sysinternal Antivirus. I followed some directions from a Google search and managed to get those to stop. But now I'm stuck with this other problem of persistent pop-ups and other problems.

The computer is 2 years old, so I have no idea where the Windows CD is.
Finally, I wasn't able to compress the two requested files with anything other than WinRAR (it was the default option when I followed the instructions, and I couldn't find the Windows Zip utility), so I just attached both txt files. I hope this isn't an issue.

Thanks in advance for any help that can be provided!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 20:05:20.87 on Sun 06/06/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft? Windows... Read more

A:Google Redirects, Random Popups, "Host Process stopped working"

Bump, please.

Read other 19 answers
RELEVANCY SCORE 71.6

When I use Google the search links redirect to other sites about 50% of the time and will go away and return without any obvious reason. I will click on the search result and be taken to a site like informationgetter.com, bcckools.com, "randomnumber".blueseek.com, etc. I am running Windows Vista Ultimate.

I've tried combofix, Avast, AVG, Ad-Aware, IObit, and Malwarebytes in both regular and safe modes. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:17 AM, on 12/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C... Read more

A:Occasional Redirects to other Sites from Google Search Links

Read other 6 answers
RELEVANCY SCORE 70.8

Hi,

I've been getting frequent redirects with Google and Firefox (the latter has since been removed), new window pop-ups and slowing performance that occasionally ends in a complete freeze-up (unrelated to the current -14C outside). Add to that my desktop icons are sometimes AWOL, and I'm about to get out my slide-rule. I've run Malware, AVG, Glary Utilities and nothing comes up.

I've attached my DDS and GMER logs below. Any thoughts, insight, or suggestions to put the machine out in the -14C are all appreciated.

Thanks,
Edna B.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Heather White at 21:17:35.83 on 23/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2550.1826 [GMT -8:00]

FW: Norton Internet Worm Protection *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\h... Read more

A:Google redirects, pop ups, occasional icon-free desktop AND freeze-ups

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

Read other 12 answers
RELEVANCY SCORE 70.8

I started a topic in the virus/malware section but the problem could not be solved there and was suggested to remake the thread here.

Basically Windows starts up with the WSC disabled, flagged in the Action Centre taskbar icon, when clicked to start it up a popup shows that the "service can't be started". Within Services.msc changing it start up automatically and starting the process turns it on for less than 1 min before disabling itself and when trying to start it again gives an "Error: 1058".

Also have a Google redirect problem which is intermittent - sometimes happens, sometimes not. The programs in the malware/virus forum thread below (or listed below) is what I have tried and failed to pick up any threats and therefore failed to remove any possible virus/malware causing the redirects.

http://www.bleepingcomputer.com/forums/topic447742.html shows what I have tried to fix the problems but to summarise the programs used... FixTDSS, aswMBR, GooredFix, ComboFix, TDSSKiller as well as some general settings within Win 7 - registry edit, services.msc, Locals and User Groups Manager.

As you can see lots of different things have been tried and unhelpful so any extra help would be greatly appreciated in resolving the matter. Thanks in advance.

A:Windows Security Centre cannot be started/Occasional Google redirects

When you attempt to start a service manually, you may receive the following error message: Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. For Windows 7 and Windows Vista, follow these steps:1.Click the Start button, then type Services in the Search box.2.Click Services in the results pane.3.Scroll through the list until you find the service that is stopped or disabled.4.Click the Log On As tab.5.If the service is listed as disabled for your profile, right click the service, then click Properties.6.Click the Startup type dropdown list and choose Automatic, the click Apply, then OK.

Read other 7 answers
RELEVANCY SCORE 70

My Google and Yahoo results (and some others, at times) are being redirected the first 4 or 5 times I click. Beyond that, they go through. I'm also getting occasional webpages loading (or attempting to) without clicking on anything. I've run Spyware Doctor (cleared up some issues), Malware Bytes (got some others) and Spybot S&D. All are now coming up clean, but the problem persists. I've done a HJT scan, but wasn't sure what to do with the results, so I've come here for help. Currently I've got the No Scripts add-on to firefox, which is helpful in keeping things at bay. Suggestions?

A:Google/Yahoo redirect with occasional unsolicited popups

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 3 answers
RELEVANCY SCORE 68.8

I'm not sure if this is due to a virus or a laggy ISP, but I have been receiving lag every once in a while on my reformatted hardrive. There are popups every now and then when I click a link, even from trusted websites. Links from google show up blank, and I have to re-enter the URL for it to load (not sure if this is related). I use Firefox with Windows 7 and below is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:38 PM, on 8/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page ... Read more

A:laggy internet, occasional popups, google links not loading properly

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414600 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the low... Read more

Read other 15 answers
RELEVANCY SCORE 65.2

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

So lately i dont know when it started, but recently i tried to use search engines on google and it redirects me to some other site. I also get random popups during my internet usuage. I've always scan my computer everyday. Im using Microsoft Sercuity Essentials. I even had my girlfriends mom take a look at it. She did some system config thing. And now sometimes my comp just locks up. Plz helpLogfile of Trend Micro HijackThis v2.0.4Scan saved at 9:36:41 PM, on 5/29/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:... Read more

A:Keep getting Redirects and random popups

Hello, Track.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksShould you still require assistance, please take note of the points below:Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.Please do not install, update, or run any programs for the duration of the fix.If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.If you are running Vista, please run all the fixes as an administrator. This is done by right... Read more

Read other 9 answers
RELEVANCY SCORE 64.4

I am running Windows XP; i have tried using SuperAntiSpyware, Malware Bytes, Microsoft Security Essentials, and Spybot Search and Destroy...yet none have fixed the problem.

Internet Explorer keeps giving me popups. Firefox as well. firefox gave me numerous popup (tabs), but IE is actual windows. they're usually to just my homepage (www.m.yahoo.com) but sometimes it is for computer jargon to a search engine. Occasionally McAfee will stall up; and it says it's not enabled, and i can't enable it. I had a problem with the fake microsoft security shield; but tthat was removed...at least i think it was. does anyone know if there's something i'm missing in the hijackthis log listed below?

I Have since uninstalled firefox; and am only using IE right now (newest version). i have also uninstalled malwarebytes (every scan i did it did not produce any results). had a few tracking cookies removed via superantispyware and that's about it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:09 PM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sy... Read more

A:Random IE/FF Popups/redirects (that everyone seems to be having lately)

Hello and welcome to TSF.

We need the GMER log too. I don't see it attached. If you have it, please post it. Otherwise, please download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 2 answers
RELEVANCY SCORE 64

I've been having this problem for a while now and I have no idea how to fix it. Random ads pop up in the corners of my window and sometimes when I click on a link on the page I am on it will take me somewhere else.

A:Popups in corners and random redirects

Hello and welcome to TSF.

We require a comprehensive set of logs to determine the presence of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 2 answers
RELEVANCY SCORE 64

Good day, and thanks for any help you can provide.

This occurred last night when I went to a website and it must have given me a Trojan as this morning its causing redirects from search engines, sending me to malware sites (already had to scrub Security Shield off). I keep getting two results from MalwareBytes, but they seem to be re-creating themselves on restart. I use TDSKiller and it cleaned one item, but the problem persists. It blocked my MSE and in following the help topic, uninstalled to reinstall it, but the malware seems to be block Windows Installer.

I'm running Windows 7 64-bit

Again, any help would be greatly appreciated. Thank you.

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Keefer at 11:40:08 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.2663 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\S... Read more

A:Random Website Popups and Redirects

As a further update to this post, it seems MalwareBytes is capturing a common process when trying to clean the machine: Trojan.Dropper.BCMiner
I typically get one or two other results, but this Trojan is the common one always there.

Read other 3 answers
RELEVANCY SCORE 63.6

Hi, one of the great volunteers here helped to clean my wife's laptop when she was getting her Google search results redirected some time ago, and the forum comes highly recommended from her so thank you for the previous help we've had!

I have similar problems on my desktop PC now where periodically my Google search results are going astray (mostly to a .302 Found page or other generic "search results" page). I am also getting popup windows in Firefox (which Adblock Plus doesn't seem to notice) which either go to Google.com by the time I navigate to them, or have the status bar saying they're waiting for response from Google Analytics. I haven't had the time to do all the prep work before today but previously I tried running Spybot Search and Destroy but it wouldn't open at all. I followed internet advice on that one to find a randomly named duplicate .exe and was able to run Spybot eventually but it didn't pull up anything much.

I don't know if it's important or related, but I also ran a HijackThis scan before coming here and loaded the logfile through their website to scout for problems. There were 4 entries they listed as "Nasty" which all had an unknown IP address as part of the entry. Unfortunately, I did not get a chance to save this log file before my computer crashed, and these lines have been removed so I am unable to advise what the IP address was.

I have DDS and GMer logs here, again I don't know if... Read more

A:Google redirects and google analytics popups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 24 answers
RELEVANCY SCORE 63.6

Hi, my name is Jacob and Google on all accounts on my computer keeps redirecting. I have tried many things, Setting proxy settings to not use a proxy server, Malwarebytes anti-Malware, Sunbelt Vipre, CCleaner, TDSSKiller, I even flushed my DNS Caches but nothing worked, google keeps redirecting and the proxy settings keep going back to using a proxy server.
Here are my logs
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by jacob admin at 0:06:36 on 2011-07-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2520 [GMT -4:00]
.
AV: Sunbelt VIPRE *Enabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\... Read more

A:Have TDSS and Google redirects, occasional popup (probably associated with the TDSS)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 63.2

Hello. I have been getting a lot of google redirects and popups when searching. Also, my svchost.exe process keeps using more and more memory until my computer is slowed to a crawl. I have run every antivirus program I have but have had no success.
Thanks in advance

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Brandon at 9:58:22 on 2011-06-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.272 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\E... Read more

A:Google redirects, popups, and more

Please post the ComboFix log(s)then please run this programPlease download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
Only if Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Read other 10 answers
RELEVANCY SCORE 63.2

I'm working on a friends PC that has tons of popups and redirects. I ran MBAM and it removed a lot of malware but the problem continues. Random redirects, popups and links that don't go where they should. Another friend suggested ComboFix but I have never used it. I ran it and said the PC has a rootkit and told me to right this down:
Service: TCPIP
Path: C:\Windows|system32\Drivers\tcpip.sys

Can someone please help me clean this up? Thanks.

Sorry, was trying to run the logs but never got gmer.exe to run all the way through.

A:Google redirects and popups

Hello,Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/341254/anti-2010-and-other-malware-redirects/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.Please be patient. It may take several days to g... Read more

Read other 1 answers
RELEVANCY SCORE 63.2

copied from my other thread, posting log at bottom.

I've been having problems with my computer for a few weeks now. At one point, things started slowing down. I ended up scanning, was told to reboot and my computer wouldn't finish starting back up. It just looped over and over. Reformatted, all seemed well for awhile. I started out using avast, but everytime I opened up firefox it would give me a warning, telling me that my computer was trying to connect to a malicious site. This happened with other browsers also, I tried a few of them. note: back to using avast.

Now, whenever I search for something on google.. I get redirected to websites I've never visited before. Once in awhile, firefox will open with multiple unknown websites open. I get notified about different things trying to open up a malicious website, such as firefox.exe and svchost.exe. Those two are the most common, but there have been a few others. It tells me that it's been blocked, and happens again soon after. This is pretty frequent.

If my computer is left untouched and running for awhile, my sound no longer works. I have to reboot to get it working again.. Sometimes the windows theme will revert to classic. I have no problems with any of this while I'm not connected to the net, though.

I've scanned with avast and malwarebytes, once in awhile I'll find infected music files that I don't remember owning on another drive. I remove them, but it doesn't seem to fix anything.... Read more

A:Google redirects, popups.

Hello battles ,Download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
If Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)Thanks,tea

Read other 13 answers
RELEVANCY SCORE 63.2

Hello, first time user and computer novice here...

I have been having problems with my computer over the past few months. Had the Anti-spyware virus and received some help in getting rid of it, but now have lingering problems with my search engine (Google) to the point I use it but manually type in the search results. Still with that I am getting from time to time popup windows.

I was using Avast (home version). I switched to a product I purchased from Wal-Mart, Fix-It Utilities 10 from Avanquest. It seems to work as well as the rest, but it cannot locate what is still causing the above problem.

I reviewed some of the other threads and ran some of the reports, which I can forward for your review (mbr.exe, look.bat, rootkit unhooker).

Any help would be appreciated.

Thanks and regards

A:Google redirects and popups

Sorry, did not follow instructions per the "first steps"... here are the DDS and GMER attachments:

Here is the DDS.txt file...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Red River Music at 20:19:37.29 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2196 [GMT -5:00]

AV: Avanquest Fix-It *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask2.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Intuit\Qui... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

Spybot found a trojan and removed it a couple days ago. It now detects nothing, but I am still getting redirected to wrong sites when following google results. Occasionally a new tab opens in firefox and takes me to various unknown web sites.

DDS txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by hecktate at 21:45:49.23 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2703 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\hecktate.NOIR\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\wi... Read more

A:Google redirects and popups.

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

Read other 17 answers
RELEVANCY SCORE 63.2

I don't know if you guys can help me, but yesterday I opened up IE and when I googled something from the toolbar, I got to the results page and every link i clicked took me to some random ad-filled search engine or Bizrate.com. Firefox works fine. I tried Search and Destroy, but it's still the same. Then I backed up my files and used system restore. It looked like it worked. BUT 30 min later I got a popup from Bizrate! I wasn't even using IE.

I tried to complete the DDS, but gmer.exe keeps crashing. The 2 txts are below. Thank you!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Philip Godbout at 1:58:12.30 on Sun 12/27/2009
Internet Explorer: 7.0.6000.16945 BrowserJavaVersion: 1.6.0_15
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1662.837 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalSe... Read more

A:Google Redirects and popups - IE only

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Read other 7 answers
RELEVANCY SCORE 63.2

I managed to get a few viruses on this computer and have successfully removed some by using MBAM, but still have google links redirected and popup ads that come up. I tried following the instructions posted, but everytime I go to save my gmer scan results, my mouse pointer turns into the hourglass, and just never gets out of it. As such, I've at least included my DDS log and the attach.txt file.

If the GMER scan is essential, can anyone help identify why it freezes up on my computer? Any help is greatly appreciated!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jay at 8:34:49.00 on Fri 01/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1168 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C... Read more

A:Google redirects and popups

Let's try this version of gmer. We're going to try running it in a different fashion, also.


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply

---------------------------------------------------------------------------------------------

Make note of anything in the gmer scan should it freeze again.

Read other 19 answers
RELEVANCY SCORE 63.2

Hello,I originally posted in the Am I Infected What Do I Do? forum, but I'm coming here because that didn't do the trick. In addition to running AVG Anti-Spyware 7.5, I did everything as layed out on the "before you post your hijack log" topic. I started getting these antispyware malware popups (winantivirus, systemdoctor, a few others i can't remember as they're more infrequent) in IE, so then I started exclusively using firefox...now that gives me as many problems. Recently, I've been getting a lot of redirects to tangentially related websites (example: if i'm on youtube, i'll be redirected to another video website) in addition to the malware popups. My computer definitely runs slower than it used to and freezes much more. usually the problem has been explorer (not IE) freezing up. So now I'm wondering what the next step to take is. Thank you in advance.Logfile of HijackThis v1.99.1Scan saved at 6:08:02 PM, on 10/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Internet Security... Read more

A:Winantivirus, Systemdoctor Popups, Also Random Redirects

Hi eddieizzard You got some infections there...Please rename HijackThis.exe to Scanner.exePost a fresh HijackThis (scanner.exe) log to here.

Read other 1 answers
RELEVANCY SCORE 63.2

Hello,For the past few days, whenever use Internet Explorer or Firefox to perform a search in Yahoo or Google, the search comes up with matches, but when I click on one of the links, usually a random ad pops up that has nothing to do with my search. Just before the ad pops up, the browser sometimes redirects to cl1i1lc1ilk.com, then the ad pops up.If I type the URL of the match directly in, it comes up fine, but all this typing of URL's is getting old.By the way, performing a search on cl1i1lc1ilk.com is how I found this forum. It seems at least one other user had the same problem, and you were able to help him out. I hope you can help me too.I ran Spybot Search and Destroy and AdAware, but the redirects are still there.Here is the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Dawn at 10:04:14.59 on Wed 06/09/2010Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2039.790 [GMT -7:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:... Read more

A:Search Engine Redirects to Ads/ Random Ad Popups

Hi G80,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. If the problem is not resolved please update me on the current issue and do the following:Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:[email protected] OFFif exist mbr.log del mbr.logmbr.exe -t ping 1.1.1.1 -n 1 -w 1500 >nulstart mbr.logGo to the File menu at the top of the Notepad and select Save as.Select Save in: desktopFill in File name: look.batSave as type: All file types (*.*)Click save.Close the Notepad.Locate look.bat on the desktop. It should look like this: Right-click to run it as administrator.A notepad opens, copy and paste the content (log.txt) to your reply.

Read other 7 answers
RELEVANCY SCORE 63.2

Was having random browser redirects and popups in Firefox
AVG & Malwarebytes found nothing.
Ran some misc fixes based on forum entries.
Computer seems better but would like confirmation that there is nothing lurking.
Ran scans based on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
DeFogger
DDS
GMER

Can you review the attached scans, and let me know if any further action
is required.

Thanks

A:Random browser redirects and popups in Firefox

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 63.2

Last night i found two unknown processes in my task manager, i deleted both from the Temp folder but now i have random pops on Skype suggesting an security update is needed, i get redirects when i use Google, i can usually get thru the second or third time i try to search...and i cant update Spybot, or Malware AntiMalwarebytes....i suspect i have a hidden malware.I ran Spybot many times, and found a trojan and it killed it, ..and Malware found a bad thing too, but now neither finds anything bad. but i still get the popups, get redirected to some generic scam sites....and cant update the two active anti virus scanners i use. I intalled Avira but it has not indicated anything wrong yet. I also turned the XP firewall on as instructed.I have posted the requested logs below:and will await instructructions. I have Avira Anti Virus installed and i cant turn it off ..so i will have to uninstall it when we start the work. There is no way to disable it that i have found. btw.thanks in advance for help on this, and i will keep scanning with Malwarebytes....in hopes of finding the culprit.cheers and thanks...and to save time, i wont change my IE browser version ..i use IE6 for several reasons..so just to save time on that. thanks.PS tonight for a while i had a new program running in my task manager called dllhost.exe...i had not seen it before... i found a program with that name in the Sys.32 folder but was not sure if it was what was runnning. I want to get this posted and into the ... Read more

A:Browser Redirects, random popups, can't update

Hello and welcome to Bleeping ComputerPlease refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OTL from this link.Save it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in:netsvcsmsconfigactivexdrivers32%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32ahcix86s.sysnvrd32.sys/md5stop%systemroot%\*. /mp /sCREATERESTOREPOINTClick the Quick Scan button.The scan should take a few minutes.Please copy and paste both logs... Read more

Read other 21 answers
RELEVANCY SCORE 63.2

Foolishly I was careless the other day when trying to watch some movies online, and in my frustration to find something to watch, I clicked somewhere I shouldn't have, clearly, and now my computer is very upset with me.

Here are my symptoms:

Can't run System Restore. Error message: "System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator."

Can't run Task Manager, error message: "Task Manager has been disabled by your Administrator."

I cannot start in Safe Mode. When I choose safe mode my computer just turns off and restarts on its own. Sometimes on restart it wants to do a disk check.

I can't run malware bytes, it just searches forever for itself and if I choose 'browse' and find (what I think is) the right file, it just doesn't do anything, won't open. I tried changing the name of the file as someone suggested to me but it didn't seem to do any good. I tried to reinstall Malware bytes but now it just says "Unable to execute file: C:\Program Files\1\mbam.exe CreateProcess failed; code 2. The system cannot find the file specified."

When browsing I get a ton of popups. Some from the browser, some from windows. For example, windows start bar popup: "Click here to protect your computer from spyware. Your computer is infected!" Browser popups: "The Art Institute of San Francisco." "Stopzilla" "Download Registry Defender - Win... Read more

A:ShopperReports, random popups, redirects, many programs won't run

I can't figure out how to edit my post to add new info...but I wanted to add a few more things in hopes that it would help someone determine what is wrong with my computer.

For one, on startup now every time it shows me this message: ""Worm.Win.32 Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. This worm has it's own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worse cases this worm can allow attackers to access your computer."

Also, my background image now says, "Your System is Infected!" in big red letters.

As of this morning a new antivirus program seems to have downloaded itself onto my desktop. It is called "AntiVirus Plus"

And everytime I open mozilla or IE it crashes. Until I have decent advice I'm leaving the computer powered off since I cannot open in safe mode.

Read other 3 answers
RELEVANCY SCORE 63.2

Hi,

I recently managed to get the Antivir Solutions virus on my computer. After much work and restarts and full scans with malwarebytes and spybot in and out of safe mode I managed to remove it. I am left how ever with the annoyance of being redirected randomly and pop ups of pages showing my past searches through other search engines. Annoyingly enough I just wrote this email and when I clicked sumit thread I got forwarded and lost everything! Boo.

So, I'm using Avast antivirus. If I do full scan with either malwarebytes or spybot or avast they find issues with tracking cookies and also a proxy server problem found in system restore files. The programs say they remove this but after restarting I still get redirected, and scanning again I get the same issues. I also have random browser connection problems and can not send emails or even submit this thread - I had to copy this to a laptop to submit -

Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:04, on 11/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\R... Read more

A:Random redirects, popups, and connection problems

Read other 7 answers
RELEVANCY SCORE 63.2

Hi there,

My XP Pro computer has been infected by some type of virus/spyware/malware...

I keep getting popups in Internet explorer (even though i use mozilla) pointing me to some type of software sites.

I also get random ad's in the background that play even when no ie, or mozilla window is open.

I cannot run or install spybot search and destroy it wont let me. I also cannot install hijack this, i click on the exe to install and nothing happens.

Any help? I really need this computer for school and it is running so much slower now that it is infected....

Please help...

I am running norton corporate edition, i also have ad-aware, and another program called spyware doctor.

A:Redirects? Random popups? Cant install programs

i renamed hijack this and got it to run, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:14 PM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Co... Read more

Read other 2 answers